With more than 312 data breaches reported in the first four months of 2017 alone, security is on the minds of many system administrators and developers. To help its users fortify their own operations, DigitalOcean has added free firewall service to its cloud services, one designed to be easy to use and highly scalable.
“We want them to have zero friction as part of the experience,” said Mitch Wainer, DigitalOcean co-founder.
Following on the heels of the introduction of load balancers in February, and droplet monitoring in April, the new firewall service is one more step in DigitalOcean Chief Technology Officer Julia Austin‘s mission to expand DigitalOcean’s capabilities.
The Cloud Firewalls service does not require an installation of any software and can be activated on a developer’s infrastructure with a single click.
The service can be configured either through the dashboard or on the command line. One click selects all ports of a droplet (DigitalOcean’s basic virtual machine) to be covered by the firewall’s rules. Then, individual ports can be de-selected as necessary, allowing fast setup for applying different rules for different inbound connections.
Users can create groups, define and apply access rules down to droplet, load balancer, IP ranges or tag levels as needed, thus preventing unauthorized traffic from reaching the droplets. Rules can be changed in one place and instantly applied to every Droplet that is tagged, allowing developers to easily program different rules for different inbound connections.
“So you can redirect traffic to set your SSH or HTTP, ICMP, you can secure the inbound traffic to accept it or drop it, thus securing both internal and external traffic,” explained Wainer.
Cloud Firewalls scales automatically from one Droplet to thousands.
So instead of developers having to install security policies on each individual droplet manually, explained Wainer, this allows them to do it across multiple droplets using tagging feature. “They can seamlessly and instantly apply the same rule across thousands of Droplets if needed,” he said.
Developers can also leverage DigitalOcean’s API to automate tasks and build integrations. With a single call you can create a rule for whichever port you want to set, and then select the source, and create a tag that can be applied across multiple Droplets. Official client libraries are available in Go and Ruby.
More to Come
This is just the first step in DigitalOcean’s security story, said Wainer. “When we launch a product, it’s not the end of the line, but a first step.” They will be iterating this product and shipping more advanced features over the next year.
By the end of this year, the DigitalOcean platform will be much more robust and able to support any size organization at scale, Wainer said. You can follow the launch schedule here.
“Along with the monitoring service announced in April, we’re continuously adding value to the community by layering in on top these free services,” Wainer said. The DigitalOcean pricing model only charges for the underlying infrastructure. The Cloud Firewalls are free.
“We believe that we need to help and educate and add value back to the larger community. This free service adds to that direction,” he said.
DigitalOcean is a sponsor of The New Stack.
Feature image via Pixabay.