Elastic's hosted and self-managed products are built with security in mind and include features engineered to keep customer information safe. This page is a resource for our customers who would like to better understand how Elastic products both meet and help ensure compliance with data protection laws and regulations.
Elastic Cloud is authorized at the Moderate Impact level for the Federal Risk and Authorization Management Program.
We take security seriously. Our experienced team of security practitioners work across disciplines such as security engineering, security assurance, and risk and compliance. They work with our entire organization, particularly our engineering team, to ensure world-class security for our technology and company.
Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and customers, our teams ensure that security vulnerabilities affecting our products are documented and that solutions are released in a responsible manner.
If you believe you have discovered a potential security vulnerability, report it using the instructions available on our security issues page.
We carefully vet each of our vendors and open source projects to ensure they meet the standards and compliance we’re committed to. Elastic partners with select Infrastructure as a Service (IaaS) providers rather than maintaining our own data centers. Each of our IaaS providers regularly undergo independent third-party audits to ensure the security of their services.