You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
% {{ech}} doesn't support custom SSL certificates, which means that a custom CNAME for an {{ech}} endpoint such as *mycluster.mycompanyname.com* also is not supported.
19
20
%
@@ -22,7 +23,7 @@ mapped_urls:
22
23
% encryption at rest (EAR) is enabled in {{ech}} by default. We support EAR for both the data stored in your clusters and the snapshots we take for backup, on all cloud platforms and across all regions.
23
24
% You can also bring your own key (BYOK) to encrypt your Elastic Cloud deployment data and snapshots. For more information, check [Encrypt your deployment with a customer-managed encryption key](../../../deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md).
24
25
25
-
Note that the encryption happens at the file system level.
26
+
% Note that the encryption happens at the file system level.
This section covers how to secure your Elastic environment. Learn how to implement TLS encryption, network security controls, and data protection measures.
79
+
80
+
## Security overview
81
+
82
+
An Elastic implementation comprises many moving parts: {es} nodes forming the cluster, {kib} instances, additional stack components such as Logstash and Beats, and various clients and integrations communicating with your deployment.
83
+
84
+
To keep your data secured, Elastic offers comprehensive security features that:
85
+
- Prevent unauthorized access to your deployment
86
+
- Encrypt communications between components
87
+
- Protect data at rest
88
+
- Secure sensitive settings and saved objects
89
+
90
+
Security requirements and capabilities vary by deployment. Features may be managed automatically by Elastic, require configuration, or must be fully self-managed. Refer to [Security by deployment type](#security-by-deployment-type) for details.
91
+
92
+
::::{tip}
93
+
See the [Deployment overview](/deploy-manage/deploy.md) to understand your options for deploying Elastic.
94
+
::::
95
+
96
+
### Security by deployment type
97
+
98
+
Security features have one of these statuses across deployment types:
99
+
100
+
| Status | Description |
101
+
|--------|-------------|
102
+
|**Managed**| Handled automatically by Elastic with no user configuration needed |
103
+
|**Configurable**| Built-in feature that needs your configuration (like IP filters or passwords) |
104
+
|**Self-managed**| Infrastructure-level security you implement and maintain |
105
+
|**N/A**| Not available for this deployment type |
Throughout this security documentation, you'll see deployment type indicators that show which content applies to specific deployment types. Each section clearly identifies which deployment types it applies to, and deployment-specific details are separated within each topic.
140
+
141
+
To get the most relevant information for your environment, focus on sections tagged with your deployment type and look for subsections specifically addressing your deployment model.
142
+
143
+
## Security topics
144
+
145
+
This security documentation is organized into four main areas:
146
+
147
+
% TODO: Add links to the sections below
148
+
149
+
### 1. Secure your hosting environment
150
+
151
+
The security of your hosting environment forms the foundation of your overall security posture. This section covers environment-specific security controls:
152
+
153
+
-**Elastic Cloud Hosted and Serverless**: Organization-level SSO, role-based access control, and cloud API keys
154
+
-**Elastic Cloud Enterprise**: TLS certificates, role-based access control, and cloud API keys
0 commit comments