Security of our products and services

Elastic's hosted and self-managed products are built with security in mind and include features engineered to keep customer information safe. This page is a resource for our customers who would like to better understand how Elastic products both meet and help ensure compliance with data protection laws and regulations.

Privacy

Privacy

Learn how to get your Elasticsearch data compliant through our GDPR compliance page. Visit our General Privacy Statement page for information on how we collect, use, share and otherwise process personal data.

Elastic Cloud

Elastic Cloud

We’re entrusted with securing thousands of customers' valuable data. See how we earn that trust on our Elastic Cloud Security page and the Elastic App Search and Elastic Site Search security overview.

Products

Products

See the inherent data security functionalities of the Elastic Stack on the Elastic Stack Security page. Learn about Elastic Security, our security solution that combines endpoint security and SIEM for holistic and unified protection.

Compliance standards

Elastic operates in compliance with key information security standards and regulations. Our services are independently audited and confirmed to meet privacy and compliance standards for data security and privacy via our certifications and attestations.

SOC 2

SOC 2

Service Organization Control

CSA STAR

CSA STAR

The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program

ISO/IEC 27001

ISO/IEC 27001

Information Security Management System (ISMS)

ISO/IEC 27017

ISO/IEC 27017

Security Controls for the Provision and Use of Cloud Services

ISO/IEC 27018

ISO/IEC 27018

Protection of Personally Identifiable Information (PII)

HIPAA

HIPAA

Health Insurance Portability and Accountability Act

FedRAMP

FedRAMP

The Federal Risk and Authorization Management Program, (currently in process).

SOC 3

SOC 3

Elasticsearch Service, Elastic Support, and Elastic App + Site Search are all compliant with SOC 3 requirements.

ISAE 3000

ISAE 3000

International Standard on Assurance Engagements (ISAE) No. 3000

Our approach

We take security seriously. Our experienced team of security practitioners work across disciplines such as security engineering, security assurance, and risk and compliance. They work with our entire organization, particularly our engineering team, to ensure world-class security for our technology and company.

Privacy

Elastic is committed to complying and supporting compliance with data protection laws and regulations, such as the EU General Data Protection Regulation, throughout our services.

Vulnerability management

Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and customers, our teams ensure that security vulnerabilities affecting our products are documented and that solutions are released in a responsible manner.

If you believe you have discovered a potential security vulnerability, report it using the instructions available on our security issues page.

Supply chain compliance

We carefully vet each of our vendors and open source projects to ensure they meet the standards and compliance we’re committed to. Elastic partners with select Infrastructure as a Service (IaaS) providers rather than maintaining our own data centers. Each of our IaaS providers regularly undergo independent third-party audits to ensure the security of their services.

Go ahead, protect your data

Securing your Elastic Stack is easy — and it makes good sense. (Plus, it's also available on Elastic Cloud.)