Public cloud provider DigitalOcean has made a crucial change to its procedures after
a security issue made headlines earlier this week — one that will better protect the data of former, current, and potential new customers.
Researcher Jeffrey Paul observed late on Sunday that DigitalOcean did not set as a default the option of wiping the fast solid state disk drives the company uses to store customers’ data. As a result, Paul noted, it was possible to see some data from a previous customer.
On Tuesday, a day after the issue became news, and a day after the company responded with a statement, DigitalOcean made “data scrubbing” a default for all customers, said Mitch Wainer, a cofounder and the company’s chief marketing officer.
The company made a similar move after the company’s security came into question last year but decided to make scrubbing an option again because performance lagged.
This time, DigitalOcean engineers “coded a new layer on top to make sure the impact [in performance] would be minimal,” Wainer said, although he added that the company has not run tests to confirm that.
The actions reflect a cloud provider trying hard to look reliable and technically impressive at the same time while many of its competitors vie for business’ public cloud revenue.
This week’s security issue “definitely has affected some of our newly acquired customers, or customers who are thinking about migrating to DigitalOcean in the past … few days,” Wainer said in an interview with VentureBeat.
But in the long run, Wainer said, the incident will be a hiccup. The company grew steadily in 2013, and new features, such as object storage and a content-delivery network, “will certainly offset the negativity that happened pre-2014.”