Drata

Connecting Digital Ocean to Drata allows for the automated, continuous monitoring and evidence collection of infrastructure security controls required for compliance.

Make sure you have access to your company's Digital Ocean account.

Digital Ocean's API does not support pulling infrastructure users. When you make the connection in Drata, the Managed Accounts page will show no user accounts, even if the connection was made successfully.

- As a result, the following monitoring tests will show now Digital Ocean users in their results:
  - MFA on Infrastructure Console
  - Employees have Unique Infrastructure Accounts
  - Infrastructure Accounts Properly Removed

The following monitoring tests are supported by this integration:

- SSL/TLS on Admin Page of Infrastructure Console
- Cloud Data Storage Exposure (if connected with Spaces access keys)
- Daily Database Backups
- Cloud Infrastructure Linked to Drata

- Digital Ocean's API does not support pulling infrastructure users. When you make the connection in Drata, the Managed Accounts page will show no user accounts, even if the connection was made successfully.
  - As a result, the following monitoring tests will show now Digital Ocean users in their results:
    - MFA on Infrastructure Console
    - Employees have Unique Infrastructure Accounts
    - Infrastructure Accounts Properly Removed
- The following monitoring tests are supported by this integration:
  - SSL/TLS on Admin Page of Infrastructure Console
  - Cloud Data Storage Exposure (if connected with Spaces access keys)
  - Daily Database Backups
  - Cloud Infrastructure Linked to Drata

On the Drata connections page, choose Digital Ocean as your infrastructure provider. If you're not already logged in to DO, you will be redirected to their register / login page; otherwise, you'll be redirected to the app authorization page.

When making the initial connection, Drata will give you the option to connect with the currently-signed-in Individual Account OR to any of the Teams that account is a member (role of Owner, Member, or Biller) of. <b>We recommend connecting with a team account</b>.

- On the Drata connections page, choose Digital Ocean as your infrastructure provider. If you're not already logged in to DO, you will be redirected to their register / login page; otherwise, you'll be redirected to the app authorization page.
- When making the initial connection, Drata will give you the option to connect with the currently-signed-in Individual Account OR to any of the Teams that account is a member (role of Owner, Member, or Biller) of. <b>We recommend connecting with a team account</b>.

If your company is using Spaces, we will need to go through the process of Creating Access Keys. (steps in the next section)

- If your company is using Spaces, we will need to go through the process of Creating Access Keys. (steps in the next section)

In order for Drata to access the Spaces API, you'll need to provide access keys. This can be done on the API page of your dashboard.

Once you click 'Generate New Key', simply provide a name for your access key. This will generate a public key and a time-sensitive secret key. Both are required to allow Drata to read your spaces.

New Space URL: <a href="https://cloud.digitalocean.com/spaces/new" rel="nofollow noopener noreferrer" target="_blank">https://cloud.digitalocean.com/spaces/new</a>

Spaces can be created with two privacy options:

- Restrict File Listing
- Enable File Listing

This privacy option is what the Cloud Data Storage Exposure monitor (104) reads; spaces created with the Enable File Listing option will fail this monitor.

This article walks through the details of configuring Digital Ocean to connect to Drata.

BEFORE DIVING IN

Limitations

Connecting to Digital Ocean in Drata

Creating Access Keys for Spaces

Creating Spaces