Deployment and SOC 2

We've been having a discussion around here on how to best deploy Elastic that complies with our SOC 2 requirements. In a nutshell, SOC 2 requires all our environments to be separate.

We are using Elastic for log aggregation and monitoring. It is not a core component or essential part of our product, and our product can exist perfectly fine without Elastic.

I'm of the opinion that since ES is not a required part of our product stack, that it is reasonable/acceptable to deploy a single instance of Elasticsearch and to use Spaces and Security to control access to the data.

I am curious to know how folks in a similar situation (SOC2, ES only for log aggregation, multiple environments) are handling the deployment of Elastic in their companies.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.