We've been having a discussion around here on how best to deploy Elastic in a way that complies with our SOC 2 requirements. In a nutshell, SOC 2 requires all our environments to be separate.
We are using Elastic for log aggregation and monitoring. It is not a core component or essential part of our product, and our product can exist perfectly fine without Elastic.
I'm of the opinion that, since ES is not a required part of our product stack, it is reasonable/acceptable to deploy a single instance of Elasticsearch and to use Spaces and Security to control access to the data.
I am curious to know how folks in a similar situation (SOC 2, ES only for log aggregation, multiple environments) are handling the deployment of Elastic in their companies.