When filebeat uses cloud.id and api_key fields, is the connection between filebeat and Elastic Cloud encrypted? Has anyone already checked this before?
It would be helpful if you can point me to related documentation.
But, in Elastic Cloud Service, we use cloud.id and api_key. In this case, is the communication between filebeat and Cloud encrypted first, and then the secrets (api key) are sent to the Cloud Cluster?
Hi @stephenb
I'll take advantage of this space to ask the following, so as not to open another unnecessary thread.
I will handle PII data in the information that I will store in the Elastic indexes; therefore, I must implement encryption at rest of the indexes.
Would you have any information or documentation about it?
What options can I have?
We've taken significant measures to ensure that Elastic Cloud customer data cannot be read, copied, modified, or deleted during electronic transmission, transport, or storage through unauthorized means. To reduce the likelihood of vulnerability-related incidents, the Elastic Cloud team deploys Elasticsearch instances based on the latest operating system kernels, and patches the computing “fleet” whenever a critical CVE (i.e., "Common Vulnerability and Exposure," in security-speak) is discovered in any component software. Similarly, Elastic software, including Elastic Stack components and Elastic Cloud Enterprise, used in the provisioning of Elastic Cloud SaaS offerings, is updated as soon as it is released to ensure the latest versions are deployed.
To protect customer data, Elastic Cloud clusters are equipped with Elastic security features that randomly assign individual passwords. Clusters are deployed behind redundant proxies and are not visible to internet scanning. Transport Layer Security (TLS) encrypted communication from the Internet is provided in the default configuration. Elasticsearch nodes run in isolated containers, configured according to the principle of least privilege, and with restrictions on system calls and allowed root operations. Elasticsearch nodes communicate using TLS (requires customer to select 6.0 or later versions of the Elastic Stack). Cluster data is encrypted at rest. We support IP address-based access controls so users may restrict access to their hosted deployments by filtering specific IP ranges. Additional network layer security is available on Amazon with AWS PrivateLink integration. Our support for AWS PrivateLink helps eliminate the exposure of your data to the public internet. This is accomplished by securing the network connection between your Amazon VPCs, applications, and your Elastic Cloud deployments on AWS. API access is limited to Elasticsearch APIs, and no remote access to the instance or container at the Linux level is allowed. Containers have no means of setting up communication with containers from another cluster.
And finally, depending on your company's needs, you should reach out to sales@elastic.co and engage with a Solution Architect like me.
Typically a company will go through a joint cloud review etc. when it involves PII.
Well, of course, then all the host, network, disk, organization, etc. security is up to you.
The CVE Program still applies.
And if you engage in a commercial relationship, you will have support and can get Professional Services to help with your architecture, design and implementation.
Some of the security features of Elasticsearch are commercially licensed only.
A couple of examples are: SSO / SAML, Field Level Security, etc.
You can look at all the features vs license here
Then, for the actual Elasticsearch product / technical features (which are quite extensive), you will need to take a look at our docs about Securing Your Cluster.