HERE'S WHY
Connecting Digital Ocean to Drata allows for the automated, continuous monitoring and evidence collection of infrastructure security controls required for compliance.
BEFORE DIVING IN
Make sure you have access to your company's Digital Ocean account.
Limitations
Digital Ocean's API does not support pulling infrastructure users. When you make the connection in Drata, the Managed Accounts page will show no user accounts, even if the connection was made successfully.
As a result, the following monitoring tests will show no Digital Ocean users in their results:
MFA on Infrastructure Console
Employees have Unique Infrastructure Accounts
Infrastructure Accounts Properly Removed
The following monitoring tests are supported by this integration:
SSL/TLS on Admin Page of Infrastructure Console
Cloud Data Storage Exposure (if connected with Spaces access keys)
Daily Database Backups
Cloud Infrastructure Linked to Drata
Connecting to Digital Ocean in Drata
On the Drata connections page, choose Digital Ocean as your infrastructure provider. If you're not already logged in to DO, you will be redirected to their register / login page; otherwise, you'll be redirected to the app authorization page.
When making the initial connection, Drata will give you the option to connect with the currently signed-in Individual Account or with any of the Teams that account is a member of (with a role of Owner, Member, or Biller). We recommend connecting with a team account.
If your company is using Spaces, you will also need to go through the process of creating access keys (steps in the next section).
Creating Access Keys for Spaces
In order for Drata to access the Spaces API, you'll need to provide access keys. This can be done on the API page of your dashboard.
Once you click 'Generate New Key', simply provide a name for your access key. This will generate a public key and a time-sensitive secret key. Both are required to allow Drata to read your spaces.
Creating Spaces
New Space URL: https://cloud.digitalocean.com/spaces/new
Spaces can be created with two privacy options:
Restrict File Listing
Enable File Listing
This privacy option is what the Cloud Data Storage Exposure monitor (104) reads; spaces created with the Enable File Listing option will fail this monitor.
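A pre-check you can run on your own Spaces before the monitor does, as an added example (not Drata's or Digital Ocean's code). It assumes the Enable File Listing option surfaces as a READ grant to the AllUsers group in the S3-style bucket ACL document returned by the Spaces API; the Space names and ACL documents below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Assumption: public file listing appears as a grant to this S3-style group URI.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
LISTING_PERMS = {"READ", "FULL_CONTROL"}  # FULL_CONTROL includes READ


def _local(tag: str) -> str:
    """Strip an XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def listing_enabled(acl_xml: str) -> bool:
    """True if any grant gives anonymous users permission to list the Space."""
    root = ET.fromstring(acl_xml)
    for grant in (e for e in root.iter() if _local(e.tag) == "Grant"):
        fields = {_local(e.tag): (e.text or "").strip() for e in grant.iter()}
        if fields.get("URI") == ALL_USERS and fields.get("Permission") in LISTING_PERMS:
            return True
    return False


def audit(acls: dict) -> dict:
    """Map each Space name to 'fail' (listing enabled) or 'pass' (restricted)."""
    return {name: "fail" if listing_enabled(x) else "pass" for name, x in acls.items()}


# Constructed sample ACL documents (not real account data).
_NS = 'xmlns="http://s3.amazonaws.com/doc/2006-03-01/"'
_OWNER = "<Grant><Grantee><ID>1234567</ID></Grantee><Permission>FULL_CONTROL</Permission></Grant>"
_PUBLIC = f"<Grant><Grantee><URI>{ALL_USERS}</URI></Grantee><Permission>READ</Permission></Grant>"
_PUBLIC_WRITE = _PUBLIC.replace("READ", "WRITE")  # anonymous write, but no listing


def _acl(*grants: str) -> str:
    """Wrap grant fragments in a minimal AccessControlPolicy document."""
    body = "".join(grants)
    return f"<AccessControlPolicy {_NS}><AccessControlList>{body}</AccessControlList></AccessControlPolicy>"


SAMPLE_ACLS = {
    "example-restricted": _acl(_OWNER),
    "example-listing-enabled": _acl(_OWNER, _PUBLIC),
    "example-public-write-only": _acl(_OWNER, _PUBLIC_WRITE),
}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_ACLS).items():
        print(f"{name}: {result}")
```

To audit real Spaces, pass in the body of each Space's bucket ACL response, fetched with the access keys created above.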