Skip to main content

Elastic Cloud Serverless achieves major compliance certifications across AWS, Azure, and GCP

Securely scale search, security, and observability apps on any cloud provider.

By
Oliver Mao
laura-adai-R2RmF1k5Uo0-unsplash_(1)_(1).png

We are thrilled to announce a major milestone in our commitment to security, privacy, and regulatory compliance for Elastic Cloud Serverless. Elastic Cloud Serverless has now attained a comprehensive suite of key compliance certifications across all of our available cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (GCP).

Since launching Elastic Cloud Serverless on AWS and achieving industry leading security, compliance, and privacy certifications, we’ve focused on bringing the fastest, most flexible way to scale your search, security, and observability applications to Azure and GCP. Now, we're extending that foundation of world-class security and governance across the entire serverless footprint, ensuring that users in the most highly regulated industries can confidently adopt Elastic Cloud Serverless across the enterprise, regardless of their chosen cloud platform.

This achievement demonstrates our continued investment in comprehensive security and data protection practices, allowing you to focus on your data while we handle the foundational security and compliance requirements.

Certifications achieved

Elastic Cloud Serverless is now audited or certified under the following industry-leading frameworks across AWS, Azure, and GCP:

  • SOC 2 Type 2

  • PCI-DSS

  • ISO 27001 (Information Security Management System)

  • ISO 27701 (Privacy Information Management System)

  • ISO 27017 (Cloud Services Security)

  • ISO 27018 (Protection of Personal Data in the Cloud)

  • Cloud Security Alliance (CSA) STAR

  • HIPAA

What this means for you

Achieving uniform compliance across AWS, Azure, and GCP provides essential security assurance wherever you choose to deploy.

Here is a brief overview of why these frameworks might be relevant to your organization:

CertificationSignificance for Elastic Cloud Serverless users
SOC 2 Type 2Demonstrates that the service meets rigorous standards for security, availability, confidentiality, and privacy based on AICPA Trust Service Criteria
PCI-DSSAttests to compliance with requirements for securing environments that store, process, or transmit payment card data
ISO 27001Confirms that Elastic has established, implemented, maintained, and continually improved upon an effective Information Security Management System (ISMS)
ISO 27701Reflects Elastic’s ongoing operation and continual improvement of an effective Privacy Information Management System (PIMS), reinforcing our commitment to data privacy
ISO 27017 and ISO 27018Certifies that Elastic has implemented security controls applicable to the provision and use of cloud services with specific measures to protect personal information in the cloud
CSA STARDemonstrates our commitment to cloud security best practices and transparency through the rigorous Cloud Security Alliance certification
HIPAASatisfies the requirements of the HIPAA Security Rule and Breach Notification Rule, enabling covered entities and business associates to use Elastic Cloud Serverless for protected health information (PHI)

 

Unlocking multi-cloud security and flexibility

This compliance milestone directly supports our commitment to deliver a secure, reliable, and compliant service for a consistent multi-cloud experience. You can now enjoy the benefits of Elastic Cloud Serverless, including instant scalability, automatic resource management, and pay-as-you-go simplicity, with peace of mind that it has passed industry-leading independent audits, assessments, and certification processes.

We will continue to maintain these certifications and expand our portfolio of supported compliance frameworks, positioning Elastic Cloud Serverless as the trusted solution for search, security, and observability applications globally and across all industries.

To learn more about our full portfolio of compliance certifications and read the attestation reports, please visit the Elastic Trust Center.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

Sign up for Elastic Cloud free trial

Spin up a fully loaded deployment on the cloud provider you choose. As the company behind Elasticsearch, we bring our features and support to your Elastic clusters in the cloud.

Start free trial