Specific Encyption at Rest Algorithm?

tensor · November 4, 2022, 5:11pm

Hi

One of our customers is insisting we provide evidence of encryption used by our third party processors (which includes Elastic).

I can find published statements that data is encrypted at rest in the SOC-3 compliance document (https://www.elastic.co/pdf/elasticsearch-service-soc-3.pdf) and in the technical FAQs (Securing your deployment | Elasticsearch Service Documentation | Elastic) however neither of these nor any other searches I do specify specifically the algorithm used. Can someone please confirm and ideally provide a link to a published Elastic document that specifies, say, AES256?

We are using ElasticCloud hosted on Azure, with clusters at version 8.4.2

stephenb · November 4, 2022, 7:26pm

Hi @tensor ,

I would reach out to your account team or perhaps support to get a specific / official response as I / we cannot (and should not) make an official statement here on the discuss forum especially with respect to security and compliance that you report to your customer.

Your Account Team should be able to get you that answer.

system · December 2, 2022, 7:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data at rest encryption. Is it coming for Elasticsearch? Elasticsearch elastic-stack-security	6	4889	July 6, 2017
Encryption at rest what features comes under the same Elasticsearch elastic-stack-security	6	382	September 16, 2019
Encryption for hosted Elasticsearch instance Elasticsearch	2	314	March 17, 2021
Encrypt at rest in Elastic Enterprise Search Elastic Search elastic-workplace-search	2	315	October 29, 2023
Encryption In Elasticsearch Elasticsearch	15	290	July 10, 2024

Specific Encyption at Rest Algorithm?

Related topics