Overview

Connect DigitalOcean to Scrut to pull infrastructure settings, droplet configurations, and user access details as read-only metadata for compliance evidence.

Why Connect

• Validate DigitalOcean configurations against control requirements.
• Monitor firewall, backup, and snapshot settings for security posture.
• Reduce manual exports during cloud audits.

Supported Automated Tests

Scrut provides pre-built automated tests for DigitalOcean. Here are a few examples of Scrut’s DigitalOcean tests:

• Access reviews completed for all in-scope applications
• DigitalOcean accounts associated with users
• DigitalOcean accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for DigitalOcean. Here are a few examples of Scrut’s DigitalOcean-driven evidences that can be collected:

• Encryption Configuration Settings for Data in Transit
• Encryption for Data at Rest or Transit
• Multi-AZ implementation for database
• Offboarding - Logical Access & Physical Access Revocation
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service
• Documented Asset Inventory and Review Dates
• Geolocation Requirements for Processing, Storage and Service Locations.
• Production Data not for Testing
• Separation of Development, Test and Production Environment