Elastic Cloud has a very strong Security Posture
You should read this closely.
You should also read this closely
And about all the Security Features Here
To Directly to you question from the first link.
We’ve built In logical security controls
We've taken significant measures to ensure that Elastic Cloud customer data cannot be read, copied, modified, or deleted during electronic transmission, transport, or storage through unauthorized means. To reduce the likelihood of vulnerability-related incidents, the Elastic Cloud team deploys Elasticsearch instances based on the latest operating system kernels, and patches the computing “fleet” whenever a critical CVE (i.e., "Common Vulnerability and Exposure," in security-speak) is discovered in any component software. Similarly, Elastic software, including Elastic Stack components and Elastic Cloud Enterprise, used in the provisioning of Elastic Cloud SaaS offerings, is updated as soon as it is released to ensure the latest versions are deployed.
To protect customer data, Elastic Cloud clusters are equipped with Elastic security features that randomly assign individual passwords. Clusters are deployed behind redundant proxies and are not visible to internet scanning. Transport Layer Security (TLS) encrypted communication from the Internet is provided in the default configuration. Elasticsearch nodes run in isolated containers, configured according to the principle of least privilege, and with restrictions on system calls and allowed root operations. Elasticsearch nodes communicate using TLS (requires customer to select 6.0 or later versions of the Elastic Stack). Cluster data is encrypted at rest. We support IP address-based access controls so users may restrict access to their hosted deployments by filtering specific IP ranges. Additional network layer security is available on Amazon with AWS PrivateLink integration. Our support for AWS PrivateLink helps eliminate the exposure of your data to the public internet. This is accomplished by securing the network connection between your Amazon VPCs, applications, and your Elastic Cloud deployments on AWS. API access is limited to Elasticsearch APIs, and no remote access to the instance or container at the Linux level is allowed. Containers have no means of setting up communication with containers from another cluster.
And Finally Depending on your Company's Needs you should reach out to email@example.com and engage with a Solution Architect Like Me.
Typically a company will go through a joint cloud review etc. when it involves PII.