Just ran across a sad story where Digital Ocean is accused of killing a startup:
... the startup spun up a bunch of servers to run some large batches of data processing, which triggered an abuse alert that shut off their account.
While this might have been a bit over-aggressive on Digital Ocean's part, overall, we would side with Digital Ocean here -- we are seeing more attacks from virtual hosts, presumably from attackers that spin up a bunch of virtual machines to attack other servers and then shut them down when the attack is over -- with utility pricing an attacker can do a lot of damage at pretty low cost.
But this really has little to do with Digital Ocean, specifically -- there are a bunch of ways reliance on a single vendor can cause major business disruption. We've written about other incidents along these lines before. No matter what service you use, you need to consider the risks associated with that service -- many of which have nothing to do with who the service is. Risks like:
- Your account credentials get compromised, and an attacker deletes everything (or something) in it
- Ransomware that gains access to your credentials, and encrypts your data
- Hardware failure
- Vendor goes out of business
- Vendor gets acquired and changes their terms, or gets shut down (Google is notorious for shutting down services that "only" have 10 million users, and frequently acquires software companies)
- Vendor otherwise changes their service in a way that no longer meets your needs
- An attacker compromises your account through another account with insufficient separation from yours
All of these risks have various ways of mitigating them -- measures such as two-factor authentication, keeping offline backups or backups at an entirely unrelated service, using commodity services that make your data portable to other systems.
If you're ignoring these risks, you are making yourself vulnerable. In this case, Digital Ocean is already a commodity provider of virtual machines, so it's easy to switch to another provider if something goes horribly wrong there -- if you have your data safely backed up somewhere else. Apparently for many companies, this is a big "if"...
Many of the same risks apply to Amazon Web Services (AWS), which is considered the gold standard for this type of hosting.
We are customers of both services. We back up all of our Digital Ocean data at AWS, and all of our AWS data in Google Cloud Platform (GCP). We keep our configuration in code so we can spin up replacement servers at any of those servers and restore all data within an hour or two -- and we help our clients do the same.
The question is, how valuable is your website? If it's not worth much, or you're just starting out, it may make sense to take shortcuts and spend your resources elsewhere. But if it's worth much to your business, you should be protecting it from these risks!
And feel free to reach out if we can help you with some disaster recovery planning, or implementing redundant backups of your Drupal or WordPress site!