The feature allows developers to spin up virtual servers within the platform. From there, developers are able to gain insight into the servers using a free monitoring service the company recently announced.
Today’s announcement is DigitalOcean’s first major security offering and allows developers with a large number of Droplets to whitelist which ports are open and which IP ranges, tags, or load balancers can access them, said DigitalOcean co-founder Mitch Wainer.
“When a user applies a cloud firewall to a Droplet, all ports are closed by default, except the ones that are explicitly open,” Wainer wrote in an email to SDxCentral. “If anyone tries to reach a port that isn’t on the whitelist, or is from a source that isn’t on it, they will be denied access, which reduces the area of attack.”
The service also allows policies to be changed in a centralized location and can be applied to Droplets by tagging them through the whitelist approach. By securing Droplets, developers are able to protect the applications they deploy on the platform.
“This will especially help engineering teams working with large-scale applications at enterprises, since they can protect all of their Droplets in just a few seconds,” Wainer wrote.
Developers on DigitalOcean’s cloud platform previously had to set firewall restrictions for individual servers, which was time-consuming and left more room for error, Wainer wrote.
The company claims to have several customers using the cloud firewall service in beta. For example, StackPoint.io is a cloud company that makes it easier to manage Kubernetes clusters, and its customers are using the cloud firewall service to secure Kubernetes service ports.