Has anyone done much analysis on the readiness of ElasticSearch for the EU GDPR legislation coming into force next year?
As I understand it, GDPR mandates encryption at rest and encryption in transit. The former can be block-level encryption on disk, so that's easy. Encryption in transit is harder to retrofit to the host-to-host connections within an ElasticSearch cluster. Encryption of these links seems to only be available under Gold Shield licenses.
Is ElasticSearch intending to make this feature available in the free version?
It seems that not doing so would mean ElasticSearch could not be used for any system that might contain any sort of personal identifier (which includes user IP addresses, so would include Apache logs), which precludes almost every use I can think of. Unless every installation is covered by a Gold license, which is likely to prohibit the use of ElasticSearch in most cases.
Clarity around this would be helpful, as would any suggestions for workarounds to introduce encryption to the server-to-server or client-server connections.