Security of our products and services
Elastic's hosted and self-managed products are built with security in mind and include many features designed to keep customer information safe. Elastic products also meet and help ensure compliance with data protection laws and regulations.
Security at Elastic
We are dedicated to Elastic Security's mission of protecting the world's data from attack, and the security of our products and services is a top priority. Elastic maintains a comprehensive information security program that includes appropriate technical and organizational measures designed to protect our customers.
Elastic has an experienced team of security practitioners who work across multiple disciplines, including security engineering, threat detection, incident response, security assurance, and risk and compliance. The Information Security teams work throughout our entire organization, particularly with engineering teams, to ensure world-class security for our technology and company.
Visit Elastic Cloud Security for more information.
Privacy at Elastic
Elastic is committed to protecting your personal data and supporting compliance with global data protection laws and regulations, such as the EU General Data Protection Regulation (GDPR). Elastic Cloud includes contractual commitments to protect data security, confidentiality, and integrity. See the standard Elastic Cloud Terms of Service and our Data Privacy Addendum for more details. In addition to protecting your data, we aim to facilitate our customers' compliance with data protection laws and regulations, which is why we designed the Elastic Stack to help you achieve your privacy compliance goals.
Resiliency
Elastic Cloud clusters are globally available across major cloud service providers to meet our customers’ hosting and data sovereignty needs. Customers can enable high availability for their clusters through availability zone or region failover. View uptime data and subscribe to alerts on the Elastic Cloud status page.
Vulnerability management
Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and our customers, we ensure that security vulnerabilities affecting our products are communicated and that solutions are released in a responsible and timely manner. Elastic source code and issue tracking is publicly available, and we encourage you to report vulnerabilities through HackerOne bug bounty program to help keep Elastic products and services secure!
Customer Zero Program
Elastic is an enthusiastic Customer Zero for all of our solutions — particularly Elastic Security. We are committed to providing our customers with products and services that have been tested in a real production environment before they are distributed broadly. We use our products everywhere we can — and for more than just logs. Elastic’s InfoSec team uses the many features of Elastic Stack to create, monitor, detect, and respond to security events on a daily basis.
Visit Elastic on Elastic and Elastic Security to learn more.
Supply chain security
We carefully assess each of our vendors to ensure they meet Elastic’s security and compliance standards . Elastic partners with major Infrastructure as a Service (IaaS) providers to deliver the Elastic Cloud. Each of our IaaS providers regularly undergo independent third-party audits, including SOC 2 audit and ISO 27001 certification at a minimum, to demonstrate the security of their services. Elastic reviews these audit reports and certifications as part of our third-party risk management program.
Elastic also reviews third-party code and publishes listings of third-party open-source dependencies of Elastic products.
To report a security concern, please reach out to [email protected].
Visit the Elastic Security Issues page for our PGP key and for more information.