{"componentChunkName":"component---src-templates-tag-jsx","path":"/blog/tag/trust-security/","result":{"data":{"prismic":{"allFeaturedblogs":{"edges":[{"node":{"featured_blogs_enabled":true,"heading":[{"type":"paragraph","text":"Featured posts","spans":[]}],"featured_blog_1":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":395},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/6d8d81b1-971a-4313-b033-b4e125cb14a0_MondoDB-blog-header-790x395.PNG?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Introducing DigitalOcean Managed MongoDB – a fully managed, database as a service for modern apps","spans":[]}],"blog_post_date":"2021-06-29","blog_post_content":[{"type":"paragraph","text":"MongoDB is one of the most popular databases, and it’s ideal for apps that evolve rapidly and need to handle huge volumes of data and traffic. It offers advantages like flexible document schemas, code-native data access, change-friendly design, and easy horizontal scale-out.","spans":[{"start":22,"end":44,"type":"hyperlink","data":{"link_type":"Web","url":"https://db-engines.com/en/ranking","target":"_blank"}}]},{"type":"paragraph","text":"However, building and maintaining MongoDB clusters from the ground up can be a huge undertaking. Developers often complain that they have to spend their valuable time and resources on database management. Well, we’ve been listening and have some great news: accessing and managing MongoDB on DigitalOcean just got a lot simpler!","spans":[]},{"type":"paragraph","text":"We are excited to announce that DigitalOcean Managed MongoDB is now in General Availability. Managed MongoDB is a fully managed, database as a service (DBaaS) offering from DigitalOcean, built in partnership with and certified by MongoDB Inc. It provides you all the technical capabilities that make MongoDB so beloved in the developer community. Together we have ensured that you will get access to all the latest releases of the MongoDB document database as they become available.","spans":[{"start":32,"end":91,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/managed-databases-mongodb/"}},{"start":230,"end":241,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.mongodb.com/","target":"_blank"}}]},{"type":"paragraph","text":"Managed MongoDB simplifies the MongoDB administration. Developers of all skill levels, even those who do not have prior experience in databases, can spin up MongoDB clusters in just a few minutes. We handle the provisioning, managing, scaling, updates, backups, and security of your MongoDB clusters, allowing you to offload the complex, time consuming –yet critical – database administration tasks to us. This empowers you to focus on what really matters: building awesome apps.","spans":[]},{"type":"embed","oembed":{"height":113,"width":200,"embed_url":"https://www.youtube.com/watch?v=NvHQSV7jnKA","type":"video","version":"1.0","title":"Create a MongoDB Database on DigitalOcean","author_name":"DigitalOcean","author_url":"https://www.youtube.com/c/Digitalocean","provider_name":"YouTube","provider_url":"https://www.youtube.com/","cache_age":null,"thumbnail_url":"https://i.ytimg.com/vi/NvHQSV7jnKA/hqdefault.jpg","thumbnail_width":480,"thumbnail_height":360,"html":"<iframe width=\"200\" height=\"113\" src=\"https://www.youtube.com/embed/NvHQSV7jnKA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen></iframe>"}},{"type":"heading2","text":"Benefits of Managed MongoDB","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"list-item","text":"Easy set up and maintenance: We create the database clusters for you. Simply choose the cluster configuration (e.g., memory, disk size, number of nodes, etc.), and the data center in which you want to host the database. Follow a few simple steps and your database cluster will be up and running in a matter of minutes. You can spin up clusters using the cloud control panel, CLI, or API.\n\n","spans":[{"start":0,"end":28,"type":"strong"}]},{"type":"list-item","text":"Automatic daily backups with point in time recovery: Data is one of the most important assets of an app, so it’s critical to backup your database. We take backups of your entire clusters automatically on a daily basis, for free. We also provide a point in time recovery for 7 days, that way if things go wrong due to human error, machine error, or some combination of both, you can easily restore the database as it was at any point in the previous 7 days. \n\n","spans":[{"start":0,"end":52,"type":"strong"}]},{"type":"list-item","text":"Automatic updates and access to latest MongoDB releases: You get access to MongoDB 4.4. This is the latest release of MongoDB and comes packed with numerous enhancements like hedged reads, rust, and swift drivers. Since we have developed Managed MongoDB in partnership with MongoDB Inc, you will always get access to new releases as they become available. With Managed MongoDB, the updates happen automatically. Just select a date and time for the updates and we take care of the rest. This makes it easy to stay up to date with MongoDB releases without disrupting your business.\n\n","spans":[{"start":0,"end":56,"type":"strong"},{"start":148,"end":169,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.mongodb.com/new","target":"_blank"}}]},{"type":"list-item","text":"High availability with automated failover: If your database goes down, it can take down the entire app, leading to bad customer experiences. With Managed MongoDB, you can easily minimize the downtime for your database and make it highly available with standby nodes. Standby nodes add redundancy, so if for example the primary node fails, the standby node is immediately promoted to primary and begins serving requests while we provision a replacement standby node in the background.\n\n","spans":[{"start":0,"end":42,"type":"strong"}]},{"type":"list-item","text":"Scale up easily to handle traffic spikes: As your app gains traction and the usage grows, it’s important to have a database that can keep up with the increased demand. With Managed MongoDB, you can easily scale up the size of database nodes when needed.\n\n","spans":[{"start":0,"end":41,"type":"strong"}]},{"type":"list-item","text":"Secure by default: Since data is critical, it also needs to be secure. We encrypt data at rest with LUKS and in transit with SSL. When you create a new cluster, it’s placed in a VPC network by default that provides a more secure connection between resources. You can also restrict access to your nodes to prevent brute-force password and denial-of-service attacks.","spans":[{"start":0,"end":18,"type":"strong"},{"start":178,"end":189,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/networking/vpc/"}}]},{"type":"heading2","text":"The need for Managed Databases","spans":[]},{"type":"paragraph","text":"DigitalOcean’s mission is to simplify cloud computing so developers, startups, and SMBs can spend more time building software that changes the world. While databases are a critical component to any application, building, maintaining, and scaling them can be complex and time consuming. For developers that are building apps for their business, database administration is often not a core focus area. But it’s quite common to find developers that write the code and then also roll up their sleeves to maintain databases. Such users would rather offload the tedious database administration and focus their limited time and energy on building and enhancing their apps. ","spans":[]},{"type":"paragraph","text":"With this in mind, we introduced Managed Databases a couple of years ago and are excited to add Managed MongoDB to our portfolio. With this release, DigitalOcean Managed Databases now supports the following engines:","spans":[{"start":33,"end":50,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/managed-databases/"}}]},{"type":"image","url":"https://images.prismic.io/www-static/87745cc1-1c5f-4463-b104-104b7fc30dc7_managed-databases-logos.png?auto=compress,format","alt":null,"copyright":null,"dimensions":{"width":849,"height":104}},{"type":"paragraph","text":"Managed MongoDB launch comes on the heels of DigitalOcean App Platform, a modern, reimagined PaaS (Platform as a Service) that we released a few months ago. App Platform makes it very easy to build, deploy, and scale apps and static sites. You can deploy code by simply pointing to your GitHub and GitLab repos, and App Platform will do all the heavy lifting of managing infrastructure, app runtimes, and dependencies. App Platform, along with Managed Databases, helps fulfill DigitalOcean’s mission by empowering developers, startups, and SMBs to focus more on their apps, and less on the underlying infrastructure and databases.","spans":[{"start":45,"end":70,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/app-platform/"}}]},{"type":"heading2","text":"How Managed MongoDB works","spans":[]},{"type":"paragraph","text":"DigitalOcean provides you with various compute options to build your apps like:","spans":[]},{"type":"list-item","text":"Droplets: On-demand, Linux virtual machines suitable for production business applications and personal passion projects.","spans":[{"start":0,"end":8,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/droplets/"}}]},{"type":"list-item","text":"DigitalOcean Kubernetes: Managed Kubernetes with automatic scaling, upgrades, and a free control plane.","spans":[{"start":0,"end":23,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/kubernetes/"}}]},{"type":"list-item","text":"DigitalOcean App Platform: A fully managed Platform as a Service.","spans":[{"start":0,"end":25,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/app-platform/"}}]},{"type":"paragraph","text":"No matter which compute option you choose to build your apps, you can easily add Managed MongoDB to it. In addition to this, Managed MongoDB also integrates with the Node.js 1-Click App from DigitalOcean Marketplace making it a lot easier to build Node.js apps.","spans":[{"start":166,"end":215,"type":"hyperlink","data":{"link_type":"Web","url":"https://marketplace.digitalocean.com/apps/nodejs"}}]},{"type":"heading2","text":"Simple, predictable pricing","spans":[]},{"type":"paragraph","text":"Just like all DigitalOcean products, Managed MongoDB provides simple, predictable pricing that allows you to control costs and prevent any surprise bills. You can spin up a database cluster for just $15/month, or a highly available three-node replica set for $45/month. Click here for more information.","spans":[{"start":270,"end":301,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/pricing/#managed-databases"}}]},{"type":"heading2","text":"Regional availability","spans":[]},{"type":"paragraph","text":"Managed MongoDB is currently available in the following regions:","spans":[]},{"type":"list-item","text":"NYC3 (New York, USA)","spans":[]},{"type":"list-item","text":"FRA1 (Frankfurt, Germany)","spans":[]},{"type":"list-item","text":"AMS3 (Amsterdam, Netherlands)","spans":[]},{"type":"paragraph","text":"We will be making Managed Mongo available in other regions soon. Please check out the release notes for most up to date information on regional availability.","spans":[{"start":86,"end":99,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/release-notes/"}}]},{"type":"heading2","text":"Join us at deploy, DigitalOcean’s virtual user conference","spans":[]},{"type":"paragraph","text":"Today we have deploy, DigitalOcean’s signature user conference, which focuses on celebrating, educating, and connecting awesome builders from all over the world.","spans":[{"start":14,"end":20,"type":"hyperlink","data":{"link_type":"Web","url":"https://deploy.digitalocean.com/home"}}]},{"type":"paragraph","text":"Check out the keynote session from DigitalOcean's CEO, Yancey Spruill, in which he talks about where we're headed as a company and shares some exciting product updates. His keynote will be followed by sessions from community members, engineers, customers, and other experts that are building technologies and businesses powered by the cloud. With live Q&A and an active Discord server, there’s ample opportunity to engage and learn something new. Click here to attend the deploy conference.","spans":[{"start":14,"end":69,"type":"hyperlink","data":{"link_type":"Web","url":"https://deploy.digitalocean.com/agenda/session/552806"}},{"start":347,"end":384,"type":"hyperlink","data":{"link_type":"Web","url":"http://do.co/deploy-discord"}},{"start":461,"end":489,"type":"hyperlink","data":{"link_type":"Web","url":"http://do.co/deploy"}}]},{"type":"paragraph","text":"We are also launching a hackathon for DigitalOcean Managed MongoDB. Learn how you can participate, submit an app and get a t-shirt.","spans":[{"start":24,"end":66,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/mongodb-hackathon"}}]},{"type":"paragraph","text":"We hope you will give Managed MongoDB a try. Here are some sample datasets and sample apps that you can use to kick the tires. Check out the docs and let us know what you think!","spans":[{"start":22,"end":43,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/databases/new?engine=mongodb"}},{"start":59,"end":90,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/do-community/mongodb-resources","target":"_blank"}},{"start":141,"end":145,"type":"hyperlink","data":{"link_type":"Web","url":"https://docs.digitalocean.com/products/databases/mongodb/"}}]},{"type":"paragraph","text":"If you’d like to have a conversation about using DigitalOcean and Managed MongoDB in your business, please feel free to contact our sales team.","spans":[{"start":120,"end":142,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/company/contact/sales/"}}]},{"type":"paragraph","text":"Happy coding!","spans":[]},{"type":"paragraph","text":"André Bearfield","spans":[]},{"type":"paragraph","text":"Director of Product Management","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"André Bearfield","author_image":{"dimensions":{"width":553,"height":547},"alt":"André Bearfield","copyright":null,"url":"https://images.prismic.io/www-static/fdc7c85186f0a850b04083e1d4306bd1c19772e8_andre-bearfield.png?auto=compress,format"},"_meta":{"uid":"andre-bearfield"}},"_meta":{"uid":"introducing-digitalocean-managed-mongodb"}},"featured_blog_2":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":400},"alt":"Droplet Console","copyright":null,"url":"https://images.prismic.io/www-static/710499ae-78cc-4179-afc1-15793637b200_DODX3727-790x400-logo-2.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Securely connect to Droplets with SSH key pairs using a new Droplet Console","spans":[]}],"blog_post_date":"2021-08-10","blog_post_content":[{"type":"paragraph","text":"The famous author Ken Blanchard once said, “Feedback is the breakfast of champions.\" This is something we truly believe at DigitalOcean, and we always strive to enhance our products based on customer feedback.","spans":[]},{"type":"paragraph","text":"With this goal in mind, we are excited to introduce a new Droplet Console that will make it much easier to connect to your Droplets securely. The new Droplet Console provides one-click SSH access to your Droplets through a native-like SSH/Terminal experience. It also eliminates the need for a password or manual configuration of SSH keys. Starting today, we’re pleased to announce that the new Droplet Console is now available to all Droplet users.","spans":[]},{"type":"heading2","text":"Why you should be using Secure Shell (SSH) ","spans":[]},{"type":"paragraph","text":"Password-based security is notoriously insecure due to password fatigue and the overuse of passwords such as ‘123456’. Secure Shell or SSH is a network communication protocol that solves this by using passwordless solutions for encryption, enabling two computers to communicate and securely share data. At a high level, SSH works by creating cryptographic key pairs consisting of a public and private key, which are computer generated and stored separately to ensure their security. ","spans":[{"start":80,"end":117,"type":"hyperlink","data":{"link_type":"Web","url":"https://cybernews.com/best-password-managers/most-common-passwords/"}}]},{"type":"paragraph","text":"SSH has become the default encryption protocol for many industries, but it was difficult to use SSH keys with DigitalOcean’s current Recovery (VNC) console, which is why we developed our new Droplet Console. The new Droplet Console is backed by an agent that security supervises the key pair, while also providing one-click SSH access to our users. You can see the full list of features below.","spans":[]},{"type":"heading2","text":"The new Droplet Console: More time saving, less time wasting ","spans":[]},{"type":"paragraph","text":"The new Droplet Console is for everyone who is looking to build fast, secure apps and avoid hassles with SSH access & usability issues.","spans":[]},{"type":"paragraph","text":"In addition to easier SSH access, the new Droplet Console comes with:","spans":[]},{"type":"list-item","text":"Copy/paste text: Instead of typing lengthy key pairs and text manually, you can use copy/paste to save time. ","spans":[{"start":0,"end":17,"type":"strong"}]},{"type":"list-item","text":"Multi-color support: Multi-color support makes the console more useful and intuitive, and breaks the conventional standard appearance which is black text on a white background. ","spans":[{"start":0,"end":41,"type":"strong"}]},{"type":"list-item","text":"Multi-language support: DigitalOcean’s new Droplet Console supports multiple languages, meaning you can now type and view any content in any language that is supported by UTF-8","spans":[{"start":0,"end":24,"type":"strong"}]},{"type":"list-item","text":"OS/images supported: Linux distributions (Ubuntu(16.04 - 20.04), Fedora (32 & 33), Debian (9), CentOS (7.6 & 8.3), CentOS 8 Stream, Rocky Linux and Marketplace images.","spans":[{"start":0,"end":20,"type":"strong"},{"start":148,"end":159,"type":"hyperlink","data":{"link_type":"Web","url":"https://marketplace.digitalocean.com/"}}]},{"type":"paragraph","text":"The new Droplet Console is available by default on any new Droplets you spin up. You can also enable it manually on older Droplets. Click here to learn more!","spans":[{"start":132,"end":157,"type":"hyperlink","data":{"link_type":"Web","url":"https://docs.digitalocean.com/products/droplets/how-to/connect-with-console/"}}]},{"type":"paragraph","text":"Check out this short walkthrough video that shows the new Droplet Console in action: ","spans":[]},{"type":"embed","oembed":{"type":"video","embed_url":"https://www.youtube.com/watch?v=Qt7QihVuxiE","title":"Access Your Droplet Terminal Through the Web Console","provider_name":"YouTube","thumbnail_url":"https://i.ytimg.com/vi/Qt7QihVuxiE/hqdefault.jpg","provider_url":"https://www.youtube.com/","author_name":"DigitalOcean","author_url":"https://www.youtube.com/c/Digitalocean","height":113,"width":200,"version":"1.0","thumbnail_height":360,"thumbnail_width":480,"html":"<iframe width=\"200\" height=\"113\" src=\"https://www.youtube.com/embed/Qt7QihVuxiE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen></iframe>"}},{"type":"paragraph","text":"We hope you’re excited about the new Droplet Console. You’re welcome to spin some Droplets up right now, and try out the new Droplet Console – why wait?","spans":[{"start":72,"end":103,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/droplets/new"}}]},{"type":"paragraph","text":"Happy coding!","spans":[]},{"type":"paragraph","text":"Harsh Banwait, Senior Product Manager","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"Harsh Banwait","author_image":{"dimensions":{"width":600,"height":399},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/e83ff690-b20c-4d88-a2b6-57e562558cd6_download.png?auto=compress,format"},"_meta":{"uid":"harsh-banwait"}},"_meta":{"uid":"new-droplet-console-ssh-support"}},"featured_blog_3":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":400},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/588e28d3-d41e-480b-937b-8c3b19201f6e_DODX3568-790x400-Blog.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"How to scale your SaaS product without breaking the bank","spans":[]}],"blog_post_date":"2021-06-22","blog_post_content":[{"type":"paragraph","text":"These days, if you are in the business of software, chances are you are delivering or plan to deliver your services using a Software-as-a-Service (SaaS) model. A combination of internet-based delivery, subscription-based pricing, and low-friction product experiences have made SaaS solutions valuable tools for their users, and an excellent vehicle for software builders looking to distribute their products.","spans":[]},{"type":"paragraph","text":"These factors have made SaaS solutions ubiquitous; SaaS is the largest segment in the public cloud market, and is used to provide functionality ranging from personal finance apps for consumers, to productivity software for businesses, and even tools and services for software developers themselves to compose their applications and simplify their workflows. It is also not uncommon to find micro-SaaS applications being built for specific industries such as retail, job functions such as accounting or marketing, or tasks such as event management. ","spans":[]},{"type":"paragraph","text":"The best thing about this SaaS wave has been that it has allowed a new generation of software builders to build and monetize applications and participate in the digital economy. Previously, you had to be a big company with lots of resources, name recognition and distribution networks to successfully sell software products. Now, irrespective of whether you are a single person working on a passion project, a small team of developers in a startup, or a small and medium-sized business (SMB), the SaaS model enables you to express your ideas in the form of software and deliver them to customers anywhere in the world.","spans":[]},{"type":"heading2","text":"The unique challenges of building SaaS solutions","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Despite the opportunities that come with the widespread adoption of SaaS products, software builders still have to answer key questions in their journey to building successful SaaS products. Understanding what customers to target, features to prioritize, how to price your product, and how to acquire customers are all critical questions to figure out while you are also doing the important job of actually building and operating the product. ","spans":[]},{"type":"paragraph","text":"Writing the code, testing, deployment, monitoring the usage in production, and ensuring that your apps are able to handle the additional demand when customer base and usage grows are all essential and time-consuming tasks.","spans":[]},{"type":"paragraph","text":"Additionally, being able to test multiple ideas, pivot, and double down on the ideas that actually work is critical in early stages of SaaS development. Once growth comes, it is equally important to scale up without compromising on performance or reliability. Needless to say, all of this needs to be economically viable as well, since not everyone has the resources of large SaaS providers like Salesforce or Adobe.","spans":[]},{"type":"heading2","text":"Cloud Computing enables builders but also poses challenges","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Fortunately, for the act of building and operating your apps, cloud computing can help take some load off your shoulders. Unless you have the scale and resources of Facebook, chances are you are not going to set up your own data centers to host the computing infrastructure that powers your SaaS company. Public cloud infrastructure providers can bring great value to SaaS builders by providing on-demand computing services with usage-based pricing. However, just like how the legacy software companies weren't built for the SaaS model, the early (and big) cloud computing services were not optimized for the unique needs of small SaaS building teams. ","spans":[]},{"type":"paragraph","text":"Smaller SaaS teams face challenges with large cloud computing providers, including:","spans":[]},{"type":"heading4","text":"Too many technology options","spans":[]},{"type":"paragraph","text":"There are just too many options for tech stacks on which to build your SaaS - programming languages, application development frameworks, libraries, runtime environments, architectural patterns, and deployment models - and the list is growing by the day.","spans":[]},{"type":"heading4","text":"Complexity of cloud computing services","spans":[]},{"type":"paragraph","text":"Even when you have decided on a technology stack, there is a lot of cloud vendor-specific terminology you need to learn and heavy lifting you need to do to build on the cloud, not all of which contributes to making your SaaS applications successful.","spans":[]},{"type":"heading4","text":"Unpredictable costs","spans":[]},{"type":"paragraph","text":"The experimentation necessary in early stages of SaaS development, as well as the scaling of applications required during the growth phase, call for affordable and predictable pricing from your cloud provider. The last thing SaaS teams want is surprising and indecipherable bills from your cloud provider. Unfortunately, smaller businesses often experience unpredictable costs with cloud providers who are busy serving only the large enterprises.","spans":[]},{"type":"heading2","text":"DigitalOcean provides a simple, cost effective solution for SaaS builders","spans":[]},{"type":"paragraph","text":"Fortunately, at DigitalOcean we have a laser focus on small software development teams, who are trying to build the next generation of applications. Today, DigitalOcean customers are already building SaaS applications which serve all kinds of customers.","spans":[{"start":191,"end":217,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/solutions/saas/"}}]},{"type":"paragraph","text":"We believe SaaS builders should focus on building apps that power their business, and not spend their valuable time on managing infrastructure. That is exactly what we have been able to enable through our intuitive products that are built for scale and reliability.","spans":[{"start":205,"end":223,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/"}}]},{"type":"list-item","text":"Vidazoo is an advertising technology company specializing in video streaming and serving. It serves video ads to thousands of websites and handles close to 10 billion requests per day. \n\n“We are as much a data company as an adtech company. Our business relies on speedy and accurate data processing at massive scale. DigitalOcean provides us the perfect set of tools to operate our SaaS business profitably, while not making us feel the need to become full time system administrators. We plan to move a lot of our apps to DigitalOcean App Platform and other fully managed products.” - Roman Svichar, CTO of Vidazoo","spans":[{"start":0,"end":7,"type":"hyperlink","data":{"link_type":"Web","url":"https://vidazoo.com/"}},{"start":187,"end":583,"type":"em"}]},{"type":"paragraph","text":"We believe in meeting customers where they are. If they already have an understanding of cloud infrastructure technologies, they should be able to leverage that knowledge and get started with our products without any further ramp up.","spans":[]},{"type":"list-item","text":"Whatfix is an enterprise SaaS provider that offers a digital adoption platform to businesses. The company helps enterprises gain the full value of their investments in enterprise applications by providing real-time, interactive, and contextual guidance to users of those applications. \n\n“What we really love about the DigitalOcean platform is the ease of use. We feel like we know infrastructure and can handle most of the configuration and management. What we needed from a cloud was not bells and whistles but efficiency and reliability. DigitalOcean provides us a platform to build our apps and then gets out of the way. Just how we like it.” - Achyuth Krishna, Director of Engineering of Whatfix","spans":[{"start":0,"end":7,"type":"hyperlink","data":{"link_type":"Web","url":"https://whatfix.com/blog/driving-the-future-now-were-excited-to-announce-our-90-million-series-d-funding/"}},{"start":287,"end":648,"type":"em"}]},{"type":"paragraph","text":"We understand that scaling while maintaining reliability of applications and profitability of business is important, so we provide robust solutions which minimize downtime.","spans":[]},{"type":"list-item","text":"Centra is a SaaS-based e-commerce platform for global direct-to-consumer and wholesale e-commerce brands. Centra provides a powerful e-commerce backend that lets brands build pixel-perfect, custom designed, online flagship stores. \n\n“How do we enable our customers to create differentiated online experiences? How do we ensure their e-commerce apps stay up and running at all times? How do we scale on-demand when traffic grows or new customers come in? These are the questions that we ask ourselves every day. Thankfully, we have a partner in DigitalOcean that provides just the platform to answer those questions enabling us to guarantee 99.9% uptime for our clients.” - Martin Jensen, CEO of Centra","spans":[{"start":0,"end":6,"type":"hyperlink","data":{"link_type":"Web","url":"https://centra.com/"}},{"start":233,"end":673,"type":"em"}]},{"type":"paragraph","text":"These are just a few examples of SaaS businesses finding success on DigitalOcean. We are constantly amazed by the creativity and innovation that software builders are utilizing our platform for. If you are interested in learning more about product updates, technical deep-dives and best practices for building SaaS products and businesses, please contact us to learn how we can help you get started. ","spans":[{"start":340,"end":357,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/migrate/?utmmedium=blog","target":"_blank"}}]},{"type":"paragraph","text":"Come build with DigitalOcean!","spans":[]},{"type":"paragraph","text":"Looking to migrate your SaaS to DigitalOcean? Leverage free infrastructure credits, robust training, and technical support to ensure a worry-free migration.","spans":[{"start":0,"end":156,"type":"strong"},{"start":0,"end":156,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/migrate/?utmmedium=blog","target":"_blank"}}]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Raman Sharma","spans":[]},{"type":"paragraph","text":"Vice President, Product & Programs Marketing","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Developer Relations","_linkType":"Link.document","_meta":{"uid":"developer-relations"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"Raman Sharma","author_image":{"dimensions":{"width":512,"height":512},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/497b4b14-d192-493a-8b66-7ae176ba99f3_raman.png?auto=compress,format"},"_meta":{"uid":"raman-sharma"}},"_meta":{"uid":"how-to-scale-your-saas-product-without-breaking-the-bank"}}}}]}}},"pageContext":{"limit":12,"skip":0,"numTagPages":1,"currentPage":1,"uid":"trust-security","data":[{"node":{"author":{"_linkType":"Link.document","author_name":"Tyler Healy","author_image":{"dimensions":{"width":1961,"height":1961},"alt":"Tyler Healy","copyright":null,"url":"https://images.prismic.io/www-static/21e57dd9-d192-4b6c-a9c9-f38e1c5e10c5_tyler-healy.jpeg?auto=compress,format"},"_meta":{"uid":"tyler_healy"}},"blog_header_image":{"dimensions":{"width":3718,"height":1832},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/90b6557c-6b7e-48ce-b5a7-37abeec6909d_runs-on-do-img.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Customer Onboarding Funnel Equilibrium: Securing Customer Experience","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"How often does the Security team directly influence customer growth and user experience for the business? Unless it’s for a security or privacy product or component, the answer is rarely.","spans":[]},{"type":"paragraph","text":"Securing the product tech stack, protecting customer data, and keeping the business ahead of those who might seek to disrupt or do harm are must-dos for any organization, rather than serving as a direct element in the customer journey. On top of those core functions in our Security program, Security at DigitalOcean puts customer experience at the forefront by fighting to keep our compute and network free from the degradation brought on by abusive behavior. ","spans":[]},{"type":"paragraph","text":"Security’s focus on the customer starts at the very beginning of a customer's journey on DO, as we’re the designers of fraud and abuse detection throughout the journey. We want to share some of what we’ve learned in fighting internet-scale fraud and abuse, while maintaining focus on customer experience. ","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Monetizing Free Compute","spans":[{"start":0,"end":23,"type":"strong"}]},{"type":"paragraph","text":"It’s no mystery to any internet faring human that for all the magical wonder the internet has created, there’s a lot of bad that happens. From the truly heinous and harmful, to grey market activities like click-farming, the malintended will find a way to put an internet connected computer to use, most often in pursuit of money. As cloud infrastructure has exploded in popularity over the past decade, so has access to free computing: free trials, free tiers, and pay-after-use means a low barrier to access computing power. Great for marketing, but quite the challenge for security. ","spans":[]},{"type":"paragraph","text":"Solving for fraud and abuse at scale means identifying and counteracting the economics of how computers are monetized for harm. The challenge in that game is counteracting only harm without creating a poor experience for well-intended customers. The problem statement is actually relatively straightforward: reduce harmful impact on the internet, protect the bottom line for the business, and help good customers grow as fast as possible. Simple, right? ","spans":[{"start":172,"end":176,"type":"em"},{"start":398,"end":402,"type":"em"}]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Laying Down The (Transparent) Gauntlet ","spans":[{"start":0,"end":39,"type":"strong"}]},{"type":"paragraph","text":"Hyperscale cloud providers have the benefit of a high-spend target market in the realm of massive legacy businesses shifting workloads to the cloud. At DigitalOcean, we’re out there for the individual developers, startup founders, small businesses, and new-to-the-cloud explorers of the world. Hyperscalers have the luxury of employing friction that focuses on capturing big business, where revenue growth is not tied to engaging a founder at an early stage. ","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"The behaviors and expectations of these target markets are quite different, especially during a signup process. Larger businesses are used to some amount of friction; it’s part of how they operate in a regulatory environment. A captcha + email verification + payment verification + mobile phone verification during signup is not a drag on the customer experience. For DigitalOcean, many of our customers are just exploring what it takes to create a viable business, and we want to help them on that journey. Too much friction for some of these customers would certainly create an acquisition drag. Not enough friction, and we’re swimming in abusive behavior that ruins IP and business reputation, also a negative customer impact. It’s a delicate balance.","spans":[]},{"type":"paragraph","text":"Like any good security strategy, we look to the onion: there must be layers. Starting at the core and building outwards, there are hundreds of knobs and levers to build that allow calibration for achieving an equilibrium. Hundreds of levers may seem like overkill, but in a world where shifts happen constantly in cybercrime tactics, privacy, payment methods, and monetization methods, stabilization requires constant shifting of weight on the balance. ","spans":[]},{"type":"paragraph","text":"Friction levers are built in throughout the customer journey, allowing for constant experimentation and optimization. From bot protection at signup, through traffic analysis for bad behaviors like spamming, we acknowledge two challenging truths: (1) we will never stop all the bad guys at the door, and (2) we will always stop some of the good guys. Stated differently, every piece of fraud and abuse tooling will be imperfect in that there is a false negative and false positive percentage. Many of the levers are designed in sequence, ramping up friction in a way that helps minimize potentially negative customer experiences. Without careful sequencing, signals can get lost between components.","spans":[{"start":321,"end":322,"type":"em"}]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Speed Is the Key To Balance","spans":[{"start":0,"end":27,"type":"strong"}]},{"type":"paragraph","text":"Similar to when riding a bike, the faster you go the more successful you’ll be at balancing. Pace of experimentation and measurement will help avoid major perturbations in the system. Waiting too long can allow attackers to dictate the pace, increasing the risk for over-rotation that will impact good customers. ","spans":[]},{"type":"paragraph","text":"The risk / reward calculation in loosening or tightening certain friction is constant. Approaches get stale quickly, and a thesis from even three to six months prior will often prove outdated. Attacker tactics change, global events (like a pandemic) can shift behaviors, and even how banks function -- the popularity of virtual credit cards are a favorite of global fraud -- the shifts in landscape dictate constant tweaking and tuning. To do this at pace, and at scale, components must be built in a way that allows for rapid tuning and more importantly, rapid measured experimentation. ","spans":[]},{"type":"paragraph","text":"The DigitalOcean Security, Product, and Marketing teams continue to build, iterate, and optimize for this problem. It’s not just important for growth and customer trust, but also for the betterment of the global internet community. The problem will always exist, so it’s not a matter of if this is “solved”, it’s a matter of staying a step ahead.","spans":[]}],"blog_post_date":"2021-01-12","tags":[{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"securing-customer-funnel"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Tyler Healy","author_image":{"dimensions":{"width":1961,"height":1961},"alt":"Tyler Healy","copyright":null,"url":"https://images.prismic.io/www-static/21e57dd9-d192-4b6c-a9c9-f38e1c5e10c5_tyler-healy.jpeg?auto=compress,format"},"_meta":{"uid":"tyler_healy"}},"blog_header_image":{"dimensions":{"width":1000,"height":500},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/8e23ff1c-85d3-45e4-a61c-872ae0742901_Security.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"A message about Intel’s recent security vulnerabilities","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Today, Intel released 40 security advisories, including two side-channel issues that, if successfully exploited, may cause information disclosure. On DigitalOcean’s platform, this means a malicious user could use a Droplet to infer partial data of another Droplet on the same physical host. ","spans":[{"start":7,"end":44,"type":"hyperlink","data":{"link_type":"Web","url":"https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/#gs.kky42u"}}]},{"type":"paragraph","text":"To mitigate the impact of these vulnerabilities, we worked closely with Intel to thoroughly test an updated microcode and have rolled it out to all affected machines in our fleet. With this, there is no action required from users to protect their Droplets from these vulnerabilities.","spans":[]}],"blog_post_date":"2020-11-11","tags":[{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"a-message-about-intels-recent-security-vulnerabilities"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Tyler Healy","author_image":{"dimensions":{"width":1961,"height":1961},"alt":"Tyler Healy","copyright":null,"url":"https://images.prismic.io/www-static/21e57dd9-d192-4b6c-a9c9-f38e1c5e10c5_tyler-healy.jpeg?auto=compress,format"},"_meta":{"uid":"tyler_healy"}},"blog_header_image":{"dimensions":{"width":1200,"height":592},"alt":"trust platform 1","copyright":null,"url":"https://images.prismic.io/www-static/83fb72b0-d0c3-4948-a51d-eb4ff9d978bb_new-trust-platform-1.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Growing Community with the New Trust Platform","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Customer trust is important for any business, but seems elusive for the modern digital business. When customer interactions live on a screen, rather than shared in a physical space, building trust based on shared values becomes more difficult and nuanced.","spans":[]},{"type":"paragraph","text":"Assumptions about shared values may not be correct, especially when applied to data, privacy, and security. As Internet citizens we make assumptions every day about the trustworthiness of the online services with which we interact. At DigitalOcean we believe that our community and customers shouldn’t need to make assumptions about trust. We also believe in being accountable for our commitments, as it’s a core element of trust. Our community is bigger than us, and we’re committed to a trust-based relationship with our community.","spans":[]},{"type":"paragraph","text":"This is why I am excited to announce our DigitalOcean Trust Platform, launched this week.","spans":[{"start":41,"end":68,"type":"hyperlink","data":{"link_type":"Web","url":"http://digitalocean.com/trust"}}]},{"type":"paragraph","text":"On the Trust Platform, our customers and community will find honest and real information about privacy and security at DigitalOcean – not just the standard third-party stamps of approval. Important materials such as our annual Transparency Report will be made available, and our Trust FAQ will attempt to answer as many questions from real customers as we can. From how we handle your data and your customers' data, gritty details about our own security posture, and your responsibilities as a DO customer, this will be the gateway to everything security and privacy at DigitalOcean.","spans":[{"start":227,"end":246,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/legal/transparency-report/"}},{"start":279,"end":288,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/trust/faq"}}]},{"type":"paragraph","text":"Nothing is more important to DigitalOcean than continually earning the trust of our community and customers. Will we be perfect? Nope, we are still humans after all. Writing software is tough and mistakes happen, even for brilliant engineers. We recognize, accept, and plan for the fact that code we write, or open-source code we use, won’t be flawless. Flaws may be introduced in the business logic layer, in hardware, or perhaps buried deep within a codebase. We will work relentlessly to mitigate the risk of these flaws to our customers and community. What can you expect from us? Transparency, for each of these and many more topics, and not just what choices we make, and challenges we face, but what we learn from those choices and how they impact you.","spans":[{"start":652,"end":758,"type":"em"}]},{"type":"paragraph","text":"We look forward to hearing feedback about what else you and your customers need from our Trust Platform, because this is just the beginning. Expect more content on the DigitalOcean blog and on the Trust Platform in the coming weeks. Leave a comment with what else you find important or interesting to learn about from the DigitalOcean Security team.","spans":[{"start":197,"end":211,"type":"hyperlink","data":{"link_type":"Web","url":"http://digitalocean.com/trust"}}]}],"blog_post_date":"2020-04-30","tags":[{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"new-trust-platform"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Rafael Rosa","author_image":{"dimensions":{"width":250,"height":250},"alt":"Rafael Rosa","copyright":null,"url":"https://images.prismic.io/www-static/6326cb734e557630247062ec390166664f5d3b63_77d07a0ba7bc27b40afc8f5932c57417.png?auto=compress,format"},"_meta":{"uid":"rafael_rosa"}},"blog_header_image":{"dimensions":{"width":1200,"height":592},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/e7798719-3af9-42bf-8273-04f02108383f_digitalocean-vpc-blog-1.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Build Secure Apps on DigitalOcean with VPC and a Trustworthy Foundation","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Simplicity yields productivity, and that’s why many developers have brought DigitalOcean into the workplace. Thousands of startups and small businesses have already chosen to run critical applications on DigitalOcean.","spans":[{"start":122,"end":130,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/hatch/"}},{"start":135,"end":151,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/customers/"}}]},{"type":"paragraph","text":"Still, many more businesses tell us that they’d gladly migrate to our cloud if we could help them better secure their applications, and if we could provide them transparency into our own security and privacy practices.","spans":[]},{"type":"paragraph","text":"It’s with these businesses in mind that we’re pleased to introduce DigitalOcean Virtual Private Cloud (VPC) and our new Trust Platform.","spans":[{"start":0,"end":135,"type":"strong"},{"start":67,"end":107,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/vpc/"}},{"start":116,"end":134,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/trust/"}}]},{"type":"paragraph","text":"If you’re not already using DigitalOcean at work, and have ever wished you could, now is the time to give us another look.","spans":[]},{"type":"heading2","text":"VPC is the next evolution of Private Networking","spans":[]},{"type":"paragraph","text":"DigitalOcean has, for a while now, allowed you to run resources you create – Droplets VMs, Kubernetes clusters, Managed Databases, Load Balancers – within a private network. Once enabled, Private Networking creates a second network interface that is only accessible by resources within the private network.","spans":[{"start":77,"end":89,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/droplets/"}},{"start":91,"end":110,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/kubernetes/"}},{"start":112,"end":129,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/managed-databases/"}},{"start":131,"end":145,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/load-balancer/"}}]},{"type":"paragraph","text":"DigitalOcean VPC is the natural progression of our existing Private Networking feature. These are the principal improvements between VPC and our previous functionality:","spans":[]},{"type":"list-item","text":"VPC allows you to create multiple private networks for your account or your team, instead of having just one private network.","spans":[]},{"type":"list-item","text":"DigitalOcean can auto-generate your private network’s IP address range, or you can specify your own.","spans":[]},{"type":"list-item","text":"You can now configure Droplets to behave as Internet gateways.","spans":[]},{"type":"paragraph","text":"Each private network that you create is logically isolated from other private networks, and from the public Internet.","spans":[]},{"type":"heading2","text":"Secure networking made simple","spans":[]},{"type":"paragraph","text":"We’ve worked hard to make using VPC as simple as possible.","spans":[]},{"type":"paragraph","text":"If you’ve previously enabled Private Networking for your resources, you don’t need to do anything new to take advantage of VPC. Your account’s previous private network has now been converted into a ‘default’ VPC; no action required.","spans":[]},{"type":"paragraph","text":"But if you’re interested in creating multiple private networks for your account or team, know that it’s easy as can be. Simply navigate to the ‘VPC’ tab within the ‘Networking’ section of your dashboard, and follow a few quick steps.","spans":[{"start":143,"end":202,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/networking/vpc"}}]},{"type":"heading2","text":"When should you use VPC to create multiple private networks?","spans":[]},{"type":"paragraph","text":"In general, we recommend that you use VPC to create multiple private networks whenever you’re running resources that don’t need to communicate with each other.","spans":[]},{"type":"paragraph","text":"For example, suppose you’re an agency that develops web applications on behalf of numerous clients. Now, with VPC, you can set up different private networks for each client, so that each client has its own private space with strong network isolation from other clients.","spans":[]},{"type":"paragraph","text":"As an individual developer or business, you can run resources for unrelated applications in different private networks. Then, if you make a mistake with a resource powering one of your apps, your other apps and their underlying resources are not at risk.","spans":[]},{"type":"heading2","text":"VPCs are free. And bandwidth might as well be.","spans":[]},{"type":"paragraph","text":"Many businesses with network-intensive applications such as video streaming and VPN services choose to run on DigitalOcean due to our industry-leading approach to bandwidth pricing.","spans":[]},{"type":"paragraph","text":"Data transfer within private networks is completely free, and you can create as many VPC private networks as you want, no strings attached.","spans":[]},{"type":"paragraph","text":"Each Droplet that you create comes with an outbound data transfer quota, and together, all your Droplets form your account’s bandwidth pool. Any excess outbound transfer is billed at just $.01/GB, a rate much lower than other clouds. Check out this blog to see how these pennies can really add up.","spans":[{"start":234,"end":253,"type":"hyperlink","data":{"link_type":"Web","url":"https://blog.digitalocean.com/its-all-about-the-bandwidth-why-many-network-intensive-services-select-digitalocean-as-their-cloud/"}}]},{"type":"paragraph","text":"To estimate transfer costs for your workload, try our new bandwidth pricing calculator.","spans":[{"start":54,"end":86,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tools/bandwidth"}}]},{"type":"heading2","text":"A trustworthy foundation makes DigitalOcean the simple and smart choice","spans":[]},{"type":"paragraph","text":"The importance of security cannot be overstated. We recommend using VPC, Cloud Firewalls, SSH keys, and two-factor authentication to protect your systems from intrusion.","spans":[{"start":68,"end":71,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/vpc"}},{"start":73,"end":88,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/cloud-firewalls/"}},{"start":90,"end":98,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/"}},{"start":104,"end":129,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/accounts/security/2fa/"}}]},{"type":"paragraph","text":"Many businesses demand these features, and also want to understand how we secure our infrastructure and protect customer data. Today, we’re pleased to direct you to our new Trust Platform. This website provides you one place to get all of your security and privacy questions answered, and download our available security certifications.","spans":[{"start":165,"end":187,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/trust"}}]},{"type":"heading2","text":"Get started with DigitalOcean and VPC today","spans":[]},{"type":"paragraph","text":"We’ve talked with many developers and businesses over the years who have told us how much they wanted VPC. To learn more about VPC and our network infrastructure, please join me for a webinar a few weeks from now.","spans":[{"start":170,"end":212,"type":"hyperlink","data":{"link_type":"Web","url":"https://attendee.gotowebinar.com/register/7390796622027252493"}}]},{"type":"paragraph","text":"To developers who have waited for DigitalOcean to deliver VPC, we encourage you to sign up for a free account. Business users who would benefit from guidance regarding VPC and other DigitalOcean products should contact our sales team.","spans":[{"start":83,"end":109,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/registrations/new"}},{"start":211,"end":233,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/company/contact/sales/"}}]},{"type":"paragraph","text":"Happy coding!\nRafael Rosa\nSenior Product Manager, Networking","spans":[]}],"blog_post_date":"2020-04-28","tags":[{"tag1":{"tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}},{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"vpc-trust-platform"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Tyler Healy","author_image":{"dimensions":{"width":1961,"height":1961},"alt":"Tyler Healy","copyright":null,"url":"https://images.prismic.io/www-static/21e57dd9-d192-4b6c-a9c9-f38e1c5e10c5_tyler-healy.jpeg?auto=compress,format"},"_meta":{"uid":"tyler_healy"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"An Update about Intel’s Recent CVE Announcement","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"UPDATE (3/10/2020):","spans":[{"start":0,"end":19,"type":"strong"}]},{"type":"paragraph","text":"We’re excited to update you that we have finished deploying the mitigations across our fleet for the two Processors Data Leakage security vulnerabilities.","spans":[]},{"type":"paragraph","text":"As a reminder, there is no action required from users to protect their Droplets from these two issues.","spans":[]},{"type":"paragraph","text":"We appreciate your patience and understanding throughout this process.","spans":[]},{"type":"paragraph","text":"UPDATE (2/28/2020):","spans":[{"start":0,"end":19,"type":"strong"}]},{"type":"paragraph","text":"Today, we’re happy to share that we have started deploying the final mitigations across our fleet for the two Processors Data Leakage security vulnerabilities recently disclosed by Intel.","spans":[]},{"type":"paragraph","text":"Over the past several weeks, we were awaiting a reliable production microcode while actively testing and validating the beta microcode. Now that production microcode is in hand, we expect to complete the entire mitigation process within the next few weeks.","spans":[]},{"type":"paragraph","text":"There is no action required from users to protect their Droplets from these two Processors Data Leakage security vulnerabilities.","spans":[]},{"type":"paragraph","text":"We will continue to share updates here.","spans":[]},{"type":"paragraph","text":"ORIGINAL POST:","spans":[{"start":0,"end":14,"type":"strong"}]},{"type":"paragraph","text":"Hi there,","spans":[]},{"type":"paragraph","text":"Today, Intel released a statement regarding two Processors Data Leakage security vulnerabilities (Vector Register Sampling and L1D Eviction Sampling) that may allow unintended information disclosure for users of multi-tenant cloud environments. On DigitalOcean’s platform, this means a malicious actor could theoretically use a Droplet to infer partial data used by another Droplet on the same physical host.","spans":[{"start":48,"end":71,"type":"hyperlink","data":{"link_type":"Web","url":"https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"}}]},{"type":"paragraph","text":"These vulnerabilities are similar to L1 Terminal Fault (L1TF) as well as the Microarchitectural Data Sampling (MDS) and Transactional Asynchronous Abort (TAA) processor-level issues we’ve mitigated previously. Vector Register Sampling (CVE-2020-0548) relates closely to MDS vulnerabilities, but has a smaller scope and risk. For L1D Eviction Sampling (CVE-2020-0549), the L1TF mitigations already in place on DigitalOcean partially mitigate the vulnerability.","spans":[{"start":37,"end":61,"type":"hyperlink","data":{"link_type":"Web","url":"https://blog.digitalocean.com/a-message-about-l1tf/"}},{"start":77,"end":115,"type":"hyperlink","data":{"link_type":"Web","url":"https://blog.digitalocean.com/may-2019-intel-vulnerability/"}}]},{"type":"paragraph","text":"To further mitigate the impact of these vulnerabilities, we are working with Intel to obtain updated microcode. Once received, our engineering team will begin to rapidly and thoroughly test, and then roll out the updated microcode across our fleet.","spans":[]},{"type":"paragraph","text":"These details will be shared in an email to all active customers, and we will send another email once our mitigation efforts are complete. In the meantime, any information and updates from Intel – as well as our progress rolling the microcode out – will be shared here.","spans":[]},{"type":"paragraph","text":"The security of our platform and protection of our users’ data is our highest priority. We’re working diligently to ensure this issue is resolved as soon as possible.","spans":[]}],"blog_post_date":"2020-01-27","tags":[{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"an-update-about-intels-recent-cve-announcement"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Barry Cooks","author_image":null,"_meta":{"uid":"bcooks"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"An Update on Last Week's Customer Shutdown Incident","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Update 0120 UTC 5 June – We want to clarify that all customer details shared in this post have been approved by the customer in advance. We would never share such company information without express permission.","spans":[{"start":0,"end":22,"type":"em"}]},{"type":"paragraph","text":"Original post","spans":[{"start":0,"end":13,"type":"em"}]},{"type":"paragraph","text":"On May 29, DigitalOcean customer Raisup’s account was locked, and their resources were powered down due to a false positive generated by our anti-fraud and abuse automation system. The follow-up in handling the false positive resulted in a subsequent lock, and a communication of permanent denial of access to the account was sent to the customer. The account owner leveraged Twitter as an avenue to call attention to the mistake. Shortly thereafter, DigitalOcean investigated the issue and the Raisup account was unlocked and powered back on. We'd like to apologize and share more details about exactly what happened.","spans":[]},{"type":"heading2","text":"The Incident","spans":[]},{"type":"paragraph","text":"The initial account lock and resource power down resulted from an automated service that monitors for cryptocurrency mining activity (Droplet CPU loads and Droplet create behaviors). These signals, coupled with a number of account-level signals (including payment history and current run rate compared to total payments) are used to determine if automated action is warranted to minimize the impact of potential fraudulent high-cpu-loads on other customers. Before any action is taken against accounts, automated safeties are checked to avoid action on a customer that is in good standing without warning.","spans":[]},{"type":"paragraph","text":"Unfortunately in this case, the safeties were insufficient to prevent automated action. Additionally, because the customer was running on credit, they did not have a clear payment history, which meant that one of the primary safeties (payment history) was not triggered. The automated service created a support ticket on behalf of the customer to allow for rapid communication regarding the action.","spans":[]},{"type":"paragraph","text":"Upon recognizing his resources had been powered off, and the account locked, the customer replied to the ticket created for communication on the action. An Abuse Operations agent re-enabled the account 12 hours after the initial ticket. However, a mistake occurred and the agent did not flag the account as approved for the CPU-intensive activity that was the cause of the initial flag.","spans":[]},{"type":"paragraph","text":"On May 30, the same automated service then acted on the account a second time, due to the absence of a safety flag. Upon a second review by a different Abuse Operations agent (nearly 29 hours after the customer responded to the second flag), the agent failed to recognize this was a false positive, and the agent fully denied access back into the account. This action triggered the final “access denied” communication to the customer. At this point, the customer initiated the series of tweets to gain the attention of DigitalOcean.","spans":[]},{"type":"paragraph","text":"After further investigation the Droplets were powered back on, access was regranted to the account, and the appropriate safeties were flagged. DigitalOcean leadership initiated communication with the customer to extend apologies, offer credit, and fully explain what happened to resolve the issue.","spans":[]},{"type":"heading2","text":"Timeline of Events","spans":[]},{"type":"paragraph","text":"2019-05-29 16:43 UTC – Customer creates a batch of 10 Droplets rapidly creating ~100% CPU load across all new worker Droplets.","spans":[]},{"type":"paragraph","text":"2019-05-29 18:24 UTC – Cryptocurrency mining mitigation detects suspicious behavior, including very high CPU utilization on an account with no payment history, which results in an account lock. As a part of this lock a support ticket is automatically created on the customer’s behalf.","spans":[]},{"type":"paragraph","text":"2019-05-29 18:37 UTC – Customer replies back to the ticket with a request to unlock.","spans":[]},{"type":"paragraph","text":"2019-05-30 06:43 UTC – Action is taken due to the customer reaching out on social media and Support. Support routes the issue to the Abuse Ops. Account is unlocked by responding Abuse Ops agent and a reply is sent in email, 12 hours after customer responded. The Allow High Cpu Usage flag is not set as part of the unlock.","spans":[]},{"type":"paragraph","text":"2019-05-30 09:49 UTC – Account is locked and powered down by the cryptocurrency mitigation three hours after the customer powers their Droplets back on when the CPU usage on the same worker Droplets spikes back to 100%. Customer replies back to the new Verification support ticket within 20 minutes.","spans":[]},{"type":"paragraph","text":"2019-05-31 15:32 UTC – 29 hours after the customer’s response, the account is denied reactivation. Abuse Ops agent (different from initial agent) cites the link to an older account, connected through a shared SSH key, as additional justification for making the decision to deny access.","spans":[]},{"type":"paragraph","text":"2019-05-31 19:21 UTC – Social escalation leads to the account being unlocked/powered back on.","spans":[]},{"type":"paragraph","text":"2019-05-31 – Communication across multiple channels (Twitter, HackerNews, other media outlets) occurs to provide apologies and clarity on the situation. Customer is directly contacted by DO staff to offer apologies, situational insight, and credit.","spans":[]},{"type":"paragraph","text":"2019-06-01 – Customer responds to direct contact, acknowledging the apology.","spans":[]},{"type":"heading2","text":"Key Findings and Concerns","spans":[]},{"type":"paragraph","text":"This situation involved failures across people, process, and technology:","spans":[]},{"type":"heading4","text":"Technology","spans":[]},{"type":"paragraph","text":"The safeties intended to prevent fraud and abuse algorithms from taking automated action on a healthy, non-abusive customer were inadequate for a customer lacking payment history.","spans":[]},{"type":"heading4","text":"Process","spans":[]},{"type":"list-item","text":"Response timeframes to the customer of 12 hours, then 29 hours, for subsequent locks were far too long.","spans":[]},{"type":"list-item","text":"Responses to account locks were not prioritized differently from a ticket management standpoint to be above less severe tickets.","spans":[]},{"type":"list-item","text":"The initial DigitalOcean response on Twitter failed to recognize the potential harm that had been caused, and did not show compassion to the customer situation.","spans":[]},{"type":"list-item","text":"The communication regarding denial of access to the account creates a sense of helplessness; the finality without explanation requires correcting.","spans":[]},{"type":"heading4","text":"People","spans":[]},{"type":"list-item","text":"Process for adding the Allow High CPU Utilization safety flag was not followed.","spans":[]},{"type":"list-item","text":"Guidelines for judgment on a reported false positive were not clear, resulting in the denial of access.","spans":[]},{"type":"heading4","text":"Future Measures","spans":[]},{"type":"paragraph","text":"There were a number of issues and missteps that contributed to the incident. To prevent similar incidents from occurring in the future, we are considering the following measures:","spans":[]},{"type":"list-item","text":"Peer review of account terminations. For any account appealing a lock, two agents will be required to review the submission prior to issuing a final deny.","spans":[]},{"type":"list-item","text":"The template used for response in account denial will be removed entirely. If account access is denied during an appeal, which often is the case as most appeals are true bad actors, the agent must create a reasoned response.","spans":[]},{"type":"list-item","text":"Services that result in the power down of resources will no longer automatically take action on any account, regardless of lack of payment history, for accounts that were engaged more than 90 days prior. These cases will be escalated for manual review.","spans":[]},{"type":"list-item","text":"We will revisit how communications around fraud and abuse related issues are handled on Twitter.\nWhen an agent manually chooses to unlock an account, that account will have a safety applied to ignore automated security, fraud and abuse services for a designated period of time (timeframe TBD).","spans":[]},{"type":"list-item","text":"To address the extended delay on the account lock appeal, Support and Security Operations leadership will create new workflows to allow abuse-related events to leverage the 24/7 structure of Support.","spans":[]},{"type":"list-item","text":"Additional hiring has been approved for both Support and AbuseOps to reduce ticket queue wait times.","spans":[]},{"type":"list-item","text":"Service is already under development for centralizing safeties for anti-fraud and abuse automation.","spans":[]},{"type":"list-item","text":"Finally, we will be reviewing how we share information about accounts within our internal systems and services to better contextualize an account for expected versus unexpected behaviors.","spans":[]},{"type":"heading4","text":"In Conclusion","spans":[]},{"type":"paragraph","text":"We wanted to share the specific details around this incident as accurately and quickly as possible to give the community insight into what happened and how we handled it. We recognize the impact this had on a customer, and how this represented a breach of trust for the community, and for that we are deeply sorry. We have a number of takeaways to improve the technical, process, and people missteps that led to this failure. The entire team at DigitalOcean values and remains committed to the global community of developers.","spans":[]},{"type":"paragraph","text":"Barry Cooks","spans":[]},{"type":"paragraph","text":"Chief Technical Officer","spans":[]}],"blog_post_date":"2019-06-04","tags":[{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"an-update-on-last-weeks-customer-shutdown-incident"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"A Message About Intel’s Microarchitectural Data Sampling (MDS) Vulnerability","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Update: June 6, 2019","spans":[{"start":0,"end":20,"type":"em"}]},{"type":"paragraph","text":"Today, we’re happy to share that we have completed Microarchitectural Data Sampling (MDS) mitigations across our fleet. While we applied microcode to mitigate the potential impact of the vulnerability to a majority of our platform several weeks ago, we were awaiting a microcode to apply to a small percentage of servers. Earlier this week, we received the updated microcode from Intel and our team has been working to update the microcode as quickly as possible, and completed those efforts today.","spans":[]},{"type":"paragraph","text":"MDS vulnerability mitigations have been deployed across our entire platform, but we do strongly recommend that all users take steps to ensure your Droplets are up to date and secure, if you have not done so already. If you have already updated your Droplets, no additional action is required.","spans":[{"start":135,"end":181,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/droplets/how-to/kernel/upgrade"}}]},{"type":"paragraph","text":"Original Post: May 14, 2019","spans":[{"start":0,"end":27,"type":"em"}]},{"type":"paragraph","text":"Today, Intel released a statement regarding Microarchitectural Data Sampling (MDS) – also referred to as ZombieLoad – a significant security vulnerability that affects cloud providers with multi-tenant environments, including DigitalOcean. Left unmitigated, this vulnerability could allow sophisticated attackers to gain access to sensitive data, secrets, and credentials that could allow for privilege escalation and unauthorized access to user data.","spans":[]},{"type":"paragraph","text":"We have been working closely with Intel to understand the impact of these vulnerabilities and the best courses of action to protect our platform and our users. We have received updated microcode from Intel and developed a set of kernel updates to mitigate the vulnerability, and we are rapidly rolling out these mitigations with no downtime to our users.","spans":[]},{"type":"paragraph","text":"We also recommend taking steps to ensure your Droplet is up to date and secure. This is especially important if you are running multi-tenant applications or untrusted code inside your Droplet.","spans":[{"start":34,"end":78,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/droplets/how-to/kernel/upgrade"}}]},{"type":"paragraph","text":"In addition to sharing this blog post, we’re reaching out to all users via email. We’ll continue to post informational updates here, and we will reach out directly to users should any additional action be required.","spans":[]},{"type":"paragraph","text":"The security of our platform and our users’ data is our top priority, and we’re taking every measure to ensure our customers remain secure. For more information about MDS, you can read Intel’s initial statement.","spans":[{"start":185,"end":210,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html"}}]}],"blog_post_date":"2019-05-14","tags":[{"tag1":{"tag":"Engineering","_linkType":"Link.document","_meta":{"uid":"engineering"}}},{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}},{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"may-2019-intel-vulnerability"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Josh Feinblum","author_image":{"dimensions":{"width":170,"height":170},"alt":"Josh Feinblum","copyright":null,"url":"https://images.prismic.io/www-static/c4c133b1c9fcb9c2688f1feeb95690fbe53b2e6b_41049-0-4.jpg?auto=compress,format"},"_meta":{"uid":"josh_feinblum"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"A Message about Intel’s L1TF Security Vulnerability","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"UPDATE (9/17/2018):","spans":[{"start":0,"end":19,"type":"strong"}]},{"type":"paragraph","text":"Over the past several weeks, we’ve been deploying initial mitigations across our platform. These efforts address key concerns posed by the L1TF vulnerability, and future related issues that may arise. Today, we’re pleased to share that we’ve finished this first phase of mitigations. We are continuing to work with Intel to ensure our customers are protected against L1TF and we are also proceeding with a longer-tail mitigation response aimed at reducing our reliance on hardware to keep both Droplets and data protected.","spans":[]},{"type":"paragraph","text":"There is currently no action required from our users to protect their Droplets from the L1TF vulnerability. We will continue to share updates here, and will reach out to you directly if we believe there may be any impact to your account, or should you need to take any action.","spans":[]},{"type":"paragraph","text":"Original post:","spans":[{"start":0,"end":14,"type":"strong"}]},{"type":"paragraph","text":"Today, Intel released a statement regarding L1 Terminal Fault (L1TF), a severe security vulnerability that affects many multi-tenant environments running virtual machines, including DigitalOcean. This vulnerability exposes data to any guest running on the same processor core.","spans":[]},{"type":"paragraph","text":"In DigitalOcean’s environment, this means an attacker could theoretically use one Droplet to view another Droplet’s memory. However, they should have no ability to target a specific Droplet or user.","spans":[]},{"type":"paragraph","text":"The security implications of this vulnerability are significant and require us to move rapidly to ensure our platform remains protected. In the wake of previous vulnerabilities, Intel has improved their communications flow with us and shared more information sooner, which enabled us to start our mitigation efforts yesterday. However, due to the condensed timeline, unforeseen issues may arise during these efforts. We will continue to work with Intel to enhance their multi-party vulnerability disclosure process so we can improve our agility and efficiency in the future, and better address these types of issues.","spans":[]},{"type":"paragraph","text":"Remediation efforts will be completed within a few weeks, and during this time we will take all possible steps to ensure customer Droplets and data remain safe. We do not anticipate any downtime for our users as a result of our mitigation efforts.","spans":[]},{"type":"paragraph","text":"We are closely monitoring this situation, and we will update this blog post as more information becomes available. We will notify customers directly should there be any action required of them, or any action taken that may impact their DigitalOcean account.","spans":[]},{"type":"paragraph","text":"You can read Intel’s initial statement here.","spans":[{"start":13,"end":43,"type":"hyperlink","data":{"link_type":"Web","url":"https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/"}}]},{"type":"paragraph","text":"Josh Feinblum leads security and compliance for DigitalOcean and serves as Chief Security Officer. Prior to DigitalOcean, he was the head of security at Rapid7 and started several security programs across hyper-growth, technology-oriented healthcare companies. He is deeply involved in the security community and has more than 14 years of experience managing security teams, overseeing major clients at large managed service providers, and starting privacy and security related programs across commercial and federal financial service firms.","spans":[{"start":0,"end":541,"type":"em"}]}],"blog_post_date":"2018-08-14","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}},{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"a-message-about-l1tf"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Josh Feinblum","author_image":{"dimensions":{"width":170,"height":170},"alt":"Josh Feinblum","copyright":null,"url":"https://images.prismic.io/www-static/c4c133b1c9fcb9c2688f1feeb95690fbe53b2e6b_41049-0-4.jpg?auto=compress,format"},"_meta":{"uid":"josh_feinblum"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"A Message About Intel’s Latest Security Findings","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"In response to Intel’s statement today regarding new vulnerabilities, we wanted to share all the information we have to date with our customers and community.","spans":[{"start":15,"end":32,"type":"hyperlink","data":{"link_type":"Web","url":"https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/"}}]},{"type":"paragraph","text":"Current information does not suggest that this latest vulnerability, Variant 4, would allow Droplets to gain access to the host hypervisor, or access to other Droplets. We also do not believe that we will need to reboot our entire fleet of hypervisors, as was necessary to mitigate impact from the initial Spectre and Meltdown vulnerabilities. However, there is a remote potential for exploit and we are working with Intel to validate microcode to patch for the vulnerabilities. We are accelerating the fix, but applying these updates takes coordination and time.","spans":[]},{"type":"paragraph","text":"Our security and engineering teams are monitoring our hypervisors and following this issue closely. We remain in communication with our contacts at Intel regarding any new developments. The security of our users’ data is one of our highest priorities, and we are ready to take action if and when appropriate. At this time, we strongly recommend ensuring that you have the latest packages from your distributions, and you use the latest browser versions with fixes for Variant 4.","spans":[]},{"type":"paragraph","text":"We will update this blog as more information becomes available. In addition to posting here, we will notify customers directly if there is a need to take action.","spans":[]}],"blog_post_date":"2018-05-21","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}},{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"a-message-about-intels-latest-security-findings"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Josh Feinblum","author_image":{"dimensions":{"width":170,"height":170},"alt":"Josh Feinblum","copyright":null,"url":"https://images.prismic.io/www-static/c4c133b1c9fcb9c2688f1feeb95690fbe53b2e6b_41049-0-4.jpg?auto=compress,format"},"_meta":{"uid":"josh_feinblum"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"A Message About Intel Security Findings","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Update Tuesday, April 17th, 2018:","spans":[{"start":0,"end":33,"type":"em"}]},{"type":"paragraph","text":"Today we’re excited to share that we have completed the reboot process in our NYC2 datacenter, wrapping up our Spectre and Meltdown mitigation efforts. Rebooting activity across our fleet of 12 datacenters is now complete!","spans":[]},{"type":"paragraph","text":"If you experience any issues with a Droplet that was rebooted during these mitigation efforts, please refer to this Community article we posted to help you troubleshoot.","spans":[{"start":116,"end":133,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/questions/having-application-issues-after-spectre-meltdown-reboots"}}]},{"type":"paragraph","text":"We appreciate your patience and understanding throughout the duration of this necessary maintenance.","spans":[]},{"type":"paragraph","text":"Update Thursday, April 12, 2018:","spans":[{"start":0,"end":32,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today we have successfully completed reboot activity for all customer hypervisors in our AMS2 datacenter.","spans":[]},{"type":"paragraph","text":"We anticipate completing the reboot process in our NYC2 datacenter early next week. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"The completion of reboots in our NYC2 datacenter will also mark the completion of reboots for our entire fleet, and we will share an update here as soon as this on-going maintenance is finished.","spans":[]},{"type":"paragraph","text":"Update Tuesday, April 3, 2018:","spans":[{"start":0,"end":30,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today we have successfully completed reboot activity for all customer hypervisors in our SFO1 datacenter.","spans":[]},{"type":"paragraph","text":"Next week, we are continuing reboots, with maintenance in our AMS2 and NYC2 regions. The reboot process for our entire fleet will continue over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"We will continue to share progress updates here and alert our users to the completion of reboots in each of our regions as information becomes available.","spans":[]},{"type":"paragraph","text":"Update Wednesday, March 28, 2018:","spans":[{"start":0,"end":33,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today we have successfully completed reboot activity for all customer hypervisors in our SGP1 and FRA1 datacenters.","spans":[]},{"type":"paragraph","text":"We are continuing reboots in our SFO1 region, and we expect that maintenance to be completed early next week. The reboot process for our entire fleet will continue over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"We will continue to share progress updates here and alert our users to the completion of reboots in each of our regions as information becomes available.","spans":[]},{"type":"paragraph","text":"Update Friday, March 23, 2018:","spans":[{"start":0,"end":30,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today we have successfully completed reboot activity for all customer hypervisors in our LON1 datacenter.","spans":[]},{"type":"paragraph","text":"Reboots in SGP1 are well underway, and next week we will also conduct them in the FRA1 and SFO1 datacenters. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"The reboot process for our entire fleet will continue over the coming weeks. We will share progress updates here and alert our users to the completion of reboots in each of our regions as information becomes available.","spans":[]},{"type":"paragraph","text":"Update Wednesday, March 21, 2018:","spans":[{"start":0,"end":33,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today we have successfully completed reboot activity for all customer hypervisors in our NYC3 datacenter.","spans":[]},{"type":"paragraph","text":"Reboots in SGP1 and LON1 are currently underway and we continue to coordinate reboots for our other datacenters. The reboot process for our entire fleet will continue over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"We will continue to share progress updates here and alert our users to the completion of reboots in each of our regions as information becomes available.","spans":[]},{"type":"paragraph","text":"Update Monday, March 12, 2018:","spans":[{"start":0,"end":30,"type":"em"}]},{"type":"paragraph","text":"We’re happy to share that today, we have successfully completed reboot activity for all customer hypervisors in our AMS3 datacenter.","spans":[]},{"type":"paragraph","text":"We continue to coordinate reboots for our other datacenters, with SGP1 planned for the next maintenance window, and the reboot process for our entire fleet will continue over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"We will continue to share progress updates here to alert our users to the completion of reboots in each of our regions, or if new information becomes available as we work through our rebooting schedule.","spans":[]},{"type":"paragraph","text":"Update Thursday, March 1, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"Last week, we began rebooting Droplets in our SFO2 and BLR1 datacenters. We’re happy to share that today we successfully completed reboot activity for all customer hypervisors in the SFO2 and BLR1 datacenters. This week, we also started and finished rebooting activity in TOR1, and we are continuing to reboot Droplets in our NYC3 datacenter.","spans":[]},{"type":"paragraph","text":"The reboot process for our entire fleet will continue over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled reboots.","spans":[]},{"type":"paragraph","text":"We will continue to share progress updates here to alert our users to the completion of reboots in each of our regions, or if new information becomes available as we work through our rebooting schedule.","spans":[]},{"type":"paragraph","text":"Update Friday, February 16, 2018:","spans":[{"start":0,"end":33,"type":"em"}]},{"type":"paragraph","text":"Last week, we began rebooting Droplets in our NYC1 datacenter. We’re happy to share that we have successfully completed reboot activity for all customer hypervisors in this datacenter.","spans":[]},{"type":"paragraph","text":"Reboots in our NYC3 datacenter are underway, and next week we will also begin reboot maintenance in the BLR1 and SFO2 datacenters. We anticipate activity lasting for two days in BLR1 (Tuesday 2/20 and Wednesday 2/21) and three business days in SFO2 (Wednesday 2/21 through Monday, 02/26). We will continue the reboot process for our entire fleet over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled rebooting.","spans":[]},{"type":"paragraph","text":"Moving forward, we will share progress updates here to alert our users to the completion of reboots in each of our regions, or if new information becomes available as we work through our rebooting schedule.","spans":[]},{"type":"paragraph","text":"Update Friday, February 9, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"This week we began rebooting Droplets in our NYC1 datacenter. The maintenance is going well and we will continue the reboot process for our entire fleet over the coming weeks. Users can expect email notifications about the maintenance window for their impacted Droplets at least 24 hours ahead of the scheduled rebooting.","spans":[]},{"type":"paragraph","text":"While these rebooting efforts are necessary to apply the patches that mitigate the Spectre and Meltdown vulnerabilities within DigitalOcean’s infrastructure, users should also apply patches in their Droplets to achieve complete protection. To ensure your Droplets are as secure as possible, we recommend that you follow this tutorial to protect against the Meltdown and Spectre vulnerabilities. We also recommend taking a backup or snapshot of critical data before making changes to a production system.","spans":[{"start":313,"end":333,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}},{"start":413,"end":457,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/digitalocean-backups-and-snapshots-explained"}}]},{"type":"paragraph","text":"Mitigating the risks presented by Spectre and Meltdown is a top priority for our engineering team and we are working hard to minimize disruption during this necessary maintenance. During this process we will communicate with you in the following ways:","spans":[]},{"type":"list-item","text":"Status page updates related to the scheduled maintenance and separate status reports if issues arise","spans":[{"start":0,"end":19,"type":"hyperlink","data":{"link_type":"Web","url":"https://status.digitalocean.com/"}}]},{"type":"list-item","text":"Email notifications, including a list of affected Droplets, to all affected customers at least 24 hours ahead of scheduled maintenance windows","spans":[]},{"type":"list-item","text":"Blog updates as new information becomes available","spans":[]},{"type":"paragraph","text":"Update Friday, February 2, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"This week, our engineering and infrastructure teams completed the preparation and testing necessary to begin our planned reboots on Monday, February 5th.","spans":[]},{"type":"paragraph","text":"The reboots will be done on a rolling basis and will affect all Droplets in all regions. We will be starting reboots in the NYC1 region and have notified all customers who will be affected on Monday and Tuesday by email. We will continue to notify affected customers at least 24 hours in advance as we reboot their physical machines and the Droplets on them. These reboots are necessary in order to apply the patches that mitigate the Spectre and Meltdown vulnerabilities within DigitalOcean’s infrastructure.","spans":[]},{"type":"paragraph","text":"In some cases, patching inside Droplets may be more critical than others. We encourage users to determine the best course of action and strongly recommend you follow the steps outlined in this article to improve your security and ensure your Droplet is running an updated kernel. We also recommend taking a backup or snapshot of critical data before making changes to a production system.","spans":[{"start":159,"end":200,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}},{"start":298,"end":342,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/digitalocean-backups-and-snapshots-explained"}}]},{"type":"paragraph","text":"If your distribution is not included in the list of patched versions below, we highly recommend you move your data to a new Droplet running a version that is receiving security updates. To simplify the act of patching, we have recently updated Droplets to utilize a GrubLoader, which allows Droplets that use our in-control panel legacy system to boot into internally installed kernels. On certain legacy Droplets, this may cause issues if the kernel is not upgraded.","spans":[{"start":256,"end":276,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel"}},{"start":458,"end":466,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}}]},{"type":"paragraph","text":"Meltdown distribution updates to date: CentOS 6 & 7, RancherOS, CoreOS, Debian 7, 8 & 9, Fedora 27 Atomic, Ubuntu 14.04, 16.04 & 17.10 base images have been updated. Fedora 26 & 27 have updates available, but users will have to manually update as Fedora does not have updated Cloud Images. Our Ubuntu 16.04 1-Click images have been refreshed to include the latest patches and updates.","spans":[{"start":0,"end":37,"type":"strong"}]},{"type":"paragraph","text":"Spectre distribution updates to date: At this time only Ubuntu and CentOS have released kernel updates to address Spectre Variant 1 and they have been included in our CentOS 6 & 7 base images. Both kernels include Spectre Variant 2 fixes, however, they are not enabled on our Cloud Platform at this time.","spans":[{"start":0,"end":36,"type":"strong"}]},{"type":"paragraph","text":"We will work as hard as possible to minimize disruption during these reboots. During this process we will communicate with you in the following ways:","spans":[]},{"type":"list-item","text":"Status page updates related to the scheduled maintenance and separate status reports if issues arise","spans":[{"start":0,"end":19,"type":"hyperlink","data":{"link_type":"Web","url":"https://status.digitalocean.com/"}}]},{"type":"list-item","text":"Email notifications, including a list of affected Droplets, to all affected customers at least 24 hours ahead of scheduled maintenance windows","spans":[]},{"type":"list-item","text":"Blog updates as new information becomes available","spans":[]},{"type":"paragraph","text":"Update Friday, January 26, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"This week our engineering team completed testing of our candidate kernel with all of our major subsystems and tested the fixes that will be deployed across our fleet.","spans":[]},{"type":"paragraph","text":"We are ready to begin our planned reboots which will affect all Droplets in all regions, and have notified affected customers by email. During the course of this maintenance, we will reboot physical machines and the Droplets on them.","spans":[]},{"type":"paragraph","text":"In some cases patching inside Droplets may be more critical than others. We encourage users to determine the best course of action and we strongly recommend you follow the steps outlined in this article to improve your security and ensure your Droplet is running an updated kernel.  We also recommend taking a backup or snapshot of critical data before making changes to a production system.","spans":[{"start":190,"end":202,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}},{"start":310,"end":328,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/digitalocean-backups-and-snapshots-explained"}}]},{"type":"paragraph","text":"If your distribution is not included in the list of patched versions listed in our January 19th update, we highly recommend you move your data to a new Droplet running a version that is receiving security updates.  To simplify the act of patching, we have recently updated Droplets to utilize a GrubLoader. On certain legacy Droplets, this may cause issues if the kernel is not upgraded.","spans":[{"start":295,"end":305,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel"}},{"start":378,"end":386,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}}]},{"type":"paragraph","text":"We will be starting reboots in NYC1 as early as Wednesday, January 31st and we will be communicating with customers in the following ways:","spans":[]},{"type":"list-item","text":"Email notifications, including a list of affected Droplets, will be sent to all affected customers at least 24 hours ahead of scheduled maintenance windows.","spans":[]},{"type":"list-item","text":"We will be using our status page to communicate about any reboot-related incidents.","spans":[{"start":21,"end":32,"type":"hyperlink","data":{"link_type":"Web","url":"https://status.digitalocean.com/"}}]},{"type":"list-item","text":"We will continue to share updates on this blog as we have them.","spans":[]},{"type":"paragraph","text":"Update Friday, January 19, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"Over the past week, our engineering team has identified and begun formal testing on a set of kernel patches that begin to mitigate all three variants. We are validating this candidate kernel with all of our major subsystems and starting to plan and test this initial round of fixes to deploy across our fleet.","spans":[]},{"type":"paragraph","text":"We anticipate a robust testing phase over the next week to ensure these changes will not negatively impact our customers, continuing our approach of taking careful, well-informed steps towards long term resolution, rather than a string of one-off mitigation efforts.","spans":[]},{"type":"paragraph","text":"We plan to provide our next update on Friday, January 26th. If we determine that we are able to initiate reboots sooner, we will provide an update here and e-mail affected customers directly with at least 24 hours advance notice.","spans":[]},{"type":"paragraph","text":"In the meantime, we encourage you to ensure your servers are as secure as possible. For more information about protecting your Droplets, you can reference this tutorial.","spans":[{"start":155,"end":168,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}}]},{"type":"paragraph","text":"Meltdown distribution updates to date: CentOS 6 & 7, RancherOS, CoreOS, Debian 7, 8 & 9, Fedora 27 Atomic, Ubuntu 14.04, 16.04 & 17.10 base images have been updated. Fedora 26 & 27 have updates available, but users will have to manually update as Fedora does not have updated Cloud Images. Our Ubuntu 16.04 1-Click images have been refreshed to include the latest patches and updates.","spans":[{"start":0,"end":37,"type":"strong"}]},{"type":"paragraph","text":"Spectre distribution updates to date: At this time only CentOS 6 and CentOS 7 have released kernel updates to address Spectre Variant 1 and have been included in our our CentOS 6 & 7 base images.","spans":[{"start":0,"end":36,"type":"strong"}]},{"type":"paragraph","text":"Update Friday, January 12, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"Our engineering team continues to procure and test patches as they become available and we have a significant amount of resources dedicated to this task. While numerous patches have been rolled out for Meltdown, mitigations for Spectre are still sparse and raw. Unfortunately, many distributions have not been able to roll out a full set of patches to address all 3 variants of the exploits. We will continue preliminary testing through the week of January 15th. These tests will have no customer impact, and will be focused on getting machines up and running in these new environments.","spans":[]},{"type":"paragraph","text":"Intel released a microcode update this week, unfortunately the update was determined to cause stability issues for other Intel customers, and has since been pulled back. DigitalOcean did not apply this microcode to our fleet, and we are awaiting the release of new a microcode. Once we have the final microcode in hand, we will begin performance/regression testing to validate the update in our environment.","spans":[]},{"type":"paragraph","text":"As we have previously mentioned, fleet wide reboots will take place following successful testing and validation. We will communicate the reboot schedule to customers in advance of any action. In the meantime, we expect to share another update here on Friday 1/19. For more information about protecting your Droplets, you can reference this tutorial.","spans":[{"start":335,"end":348,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}}]},{"type":"paragraph","text":"Meltdown distribution updates to date: CentOS 6 & 7, RancherOS, CoreOS, Debian 7, 8 & 9, Fedora 27 Atomic, Ubuntu 14.04, 16.04 & 17.10 base images have been updated. Fedora 26 & 27 have updates available, but users will have to manually update as Fedora does not have updated Cloud Images.","spans":[{"start":0,"end":38,"type":"strong"}]},{"type":"paragraph","text":"Update Tuesday, January 9, 2018:","spans":[{"start":0,"end":31,"type":"em"}]},{"type":"paragraph","text":"As the ongoing security vulnerability developments evolve there are still many unknowns. Like many other cloud service providers we are participating in Linux kernel working groups, coordinating with Intel and other hardware vendors, and doing our own exhaustive research. The goal is to protect the security of our users' data and provide a long term solution instead of offering a cascade of short term fixes. That said, here is our approach based on what we know today.","spans":[]},{"type":"paragraph","text":"As mitigations for vulnerabilities are released, our engineering team is diligently and methodically testing each one to ensure that our customers have stability and performance when the patches are applied. We will continue this testing process for all new patches. It is difficult to estimate the timeframe we’ll need to create, debug and test them, as new patches are being rolled out sporadically, but we anticipate that the testing phase will last for at least another week. We plan to share another update this Friday, January 12th. As mentioned in our last post, we will alert customers in advance of any reboots that need to take place.","spans":[]},{"type":"paragraph","text":"In the meantime, we encourage you to track the patches being released on your distributions and we’ve compiled a list of distribution patches released thus far, which we will update as they become available. It’s important to note that updated distributions do have various fixes, but none have remediations for all three vulnerabilities. In order to help our users protect themselves as the patches become available, we have changed all Droplets to utilize our Grubloader kernel, ensuring that Droplet kernels can be upgraded by the user, without DigitalOcean involvement.","spans":[{"start":462,"end":479,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel"}}]},{"type":"paragraph","text":"Meltdown distribution updates to date:\nCentOS 7, RancherOS, CoreOS, Debian 9, Fedora 27 Atomic","spans":[{"start":0,"end":38,"type":"strong"}]},{"type":"paragraph","text":"We’ve also authored this tutorial to help you apply patches. This, too, will be updated as more information and patch releases become available.","spans":[{"start":25,"end":33,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities"}}]},{"type":"paragraph","text":"Update Friday, January 5, 2018:","spans":[{"start":0,"end":30,"type":"em"}]},{"type":"paragraph","text":"Our engineering team continues to remain in close coordination with Intel, Canonical, and our other vendors. We are currently awaiting patches that, once applied, should mitigate the security vulnerabilities. We expect to have those patches on Tuesday, January 9th, and will begin formal testing as soon as they are received.","spans":[]},{"type":"paragraph","text":"In the interim, as patches become available on the Linux kernel list and microcode updates become available from Intel and other vendors, we are doing ad-hoc testing to understand potential performance implications and evaluate stability concerns so we can execute our mitigation as smoothly as possible.","spans":[]},{"type":"paragraph","text":"The scope of work is extensive; everything from the kernel to compilers and emulation systems must be patched and tested. We will be devoting all of our available engineering resources to this effort, but the set of changes is so significant that we cannot yet estimate the time frame needed to complete validation. The security of our customers and the reliability of our services are important to us and it is critical that we take the time to validate before we roll out changes.","spans":[]},{"type":"paragraph","text":"We expect to post another update on Tuesday, January 9th, once we have received the patches and testing is underway. We will share updates here sooner if additional information becomes available. We appreciate your patience!","spans":[]},{"type":"paragraph","text":"Update Thursday, January 4, 2018:","spans":[{"start":0,"end":32,"type":"em"}]},{"type":"paragraph","text":"Our engineering team continues to coordinate closely with Intel to determine the exact scope and impact of the Meltdown and Spectre security vulnerabilities. It is our current understanding that DigitalOcean is not vulnerable to the Meltdown (Variant 3) exploit because of our usage of KVM virtualization. However, we will still be taking the necessary steps to protect our customers from the impact of the Spectre (Variants 1 and 2) exploits.","spans":[]},{"type":"paragraph","text":"We will be obtaining the patches necessary to mitigate the vulnerabilities and once our engineering team has validated them, we will be rebooting our entire fleet of Droplets. DigitalOcean users will also need to upgrade their own kernels, and we will be working closely with them to ensure that this process goes as smoothly as possible. Every customer will receive advanced notification before we initiate the reboots.","spans":[]},{"type":"paragraph","text":"Original post Wednesday, January 3, 2018:","spans":[{"start":0,"end":40,"type":"em"}]},{"type":"paragraph","text":"Earlier this week, we became aware of a potential security flaw impacting Intel hardware used by DigitalOcean and many other cloud service providers. Since learning of this issue, we have been actively investigating and tracking Linux kernel activity and our development team has been working diligently to obtain as much information as possible from Intel. Unfortunately, the strict embargo placed by Intel has significantly limited our ability to establish a comprehensive understanding of the potential impact.","spans":[]},{"type":"paragraph","text":"Based on our investigation and the information we have received thus far, we believe that it may be necessary to reboot impacted customer Droplets. If reboots are determined to be the correct course of action for DigitalOcean users, we will schedule the urgent maintenance and notify impacted customers in advance.","spans":[]},{"type":"paragraph","text":"We are continuing to monitor this situation and work with Intel to obtain more details. We’ll share updates in this blog post as additional information becomes available to us.","spans":[]},{"type":"paragraph","text":"You can read Intel’s initial statement here.","spans":[{"start":39,"end":43,"type":"hyperlink","data":{"link_type":"Web","url":"https://newsroom.intel.com/news/intel-responds-to-security-research-findings/"}}]},{"type":"paragraph","text":"Josh Feinblum leads security and compliance for DigitalOcean and serves as Chief Security Officer. Prior to DigitalOcean, he was the head of security at Rapid7 and started several security programs across hyper-growth, technology-oriented healthcare companies. He is deeply involved in the security community and has more than 14 years of experience managing security teams, overseeing major clients at large managed service providers, and starting privacy and security related programs across commercial and federal financial service firms.","spans":[{"start":0,"end":541,"type":"em"}]}],"blog_post_date":"2018-01-03","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}},{"tag1":{"tag":"Trust & Security","_linkType":"Link.document","_meta":{"uid":"trust-security"}}}],"_meta":{"uid":"a-message-about-intel-security-findings"}}}]}}}