Security of our products and services

We are dedicated to Elastic Security's mission of protecting the world's data from attack, and the security of our products and services is a top priority. Elastic maintains a comprehensive information security program that includes appropriate technical and organizational measures designed to protect our customers.

Elastic has an experienced team of security practitioners who work across multiple disciplines, including security engineering, threat detection, incident response, security assurance, and risk and compliance. The Information Security teams work throughout our entire organization, particularly with engineering teams, to ensure world-class security for our technology and company.

Visit Elastic Cloud Security for more information.

Elastic is committed to protecting your personal data and supporting compliance with global data protection laws and regulations, such as the EU General Data Protection Regulation (GDPR). Elastic Cloud includes contractual commitments to protect data security, confidentiality, and integrity. See the standard Elastic Cloud Terms of Service and our Data Privacy Addendum for more details. In addition to protecting your data, we aim to facilitate our customers' compliance with data protection laws and regulations, which is why we designed the Elastic Stack to help you achieve your privacy compliance goals.

Elastic Cloud clusters are globally available across major cloud service providers to meet our customers’ hosting and data sovereignty needs. Customers can enable high availability for their clusters through availability zone or region failover. View uptime data and subscribe to alerts on the Elastic Cloud status page.

Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and our customers, we ensure that security vulnerabilities affecting our products are communicated and that solutions are released in a responsible and timely manner. Elastic source code and issue tracking is publicly available, and we encourage you to report vulnerabilities through HackerOne bug bounty program to help keep Elastic products and services secure!

Elastic is an enthusiastic Customer Zero for all of our solutions — particularly Elastic Security. We are committed to providing our customers with products and services that have been tested in a real production environment before they are distributed broadly. We use our products everywhere we can — and for more than just logs. Elastic’s InfoSec team uses the many features of Elastic Stack to create, monitor, detect, and respond to security events on a daily basis.

Visit Elastic on Elastic and Elastic Security to learn more.

We carefully assess each of our vendors to ensure they meet Elastic’s security and compliance standards . Elastic partners with major Infrastructure as a Service (IaaS) providers to deliver the Elastic Cloud. Each of our IaaS providers regularly undergo independent third-party audits, including SOC 2 audit and ISO 27001 certification at a minimum, to demonstrate the security of their services. Elastic reviews these audit reports and certifications as part of our third-party risk management program.

Elastic also reviews third-party code and publishes listings of third-party open-source dependencies of Elastic products.

To report a security concern, please reach out to security@elastic.co.

Visit the Elastic Security Issues page for our PGP key and for more information.