Platform Security Documentation
Our Commitment to Enterprise-Grade Information Security
Elastio is dedicated to maintaining robust security practices to protect sensitive information, prevent unauthorized access, and ensure compliance with industry standards.
Elastio's Commitment to Internal Security
Strong Authentication and Authorization
We implement robust measures to secure access to our systems:
- Single Sign-On (SSO) platform for centralized access management
- Multi-Factor Authentication (MFA) to prevent unauthorized access
- IAM roles and short-lived tokens for cloud environment access
- Zero-trust network access solution for additional security
Cloud Security Architecture
Our production environment is built on principles of immutability and strict control:
- Infrastructure-as-code for consistent and secure deployments
- Strict change control with audit and approval processes
- Automated detection of unauthorized production changes
- Cloud-native network security mechanisms
- Secure perimeter and internal environment segregation
- Application of industry best practices and internal research for ongoing hardening and assessment
Secure Development Lifecycle (SDLC)
We maintain the security and integrity of our infrastructure and product code through:
- Static and dynamic security testing
- Container image vulnerability scanning
- Mandatory peer review for code changes
- Security features in source control and CI/CD platforms
- Security design and implementation reviews for new features and infrastructure changes
Security Awareness
We foster a culture of security through:
- Recurring information security and data privacy training
- Ongoing guidance on emerging threats
- Team-specific security guidelines and procedures
- Promotion of secure practices in daily work
Logging, Detection, and Response
Our security operations include:
- Security Information and Event Management (SIEM) system
- Comprehensive security telemetry ingestion
- Advanced detection pipeline and security data lake
- Global security team for rapid triage, investigation, and remediation
Risk Management
Our integrated risk management process:
- Identifies opportunities to improve security and privacy
- Mitigates threats to critical assets
- Upholds customer, regulatory, and legal commitments
- Adapts to the evolving landscape of cyber threats
Supplier Risk Management
We ensure the security and reliability of our supply chain through:
- Comprehensive supplier risk assessment
- Ongoing monitoring of supplier security postures
- Integration of supplier risk into our overall security strategy
Audits and Compliance
We maintain a rigorous audit and compliance program:
- Adherence to industry standards and regulatory requirements
- Third-party oversight of security and privacy programs
- Regular technical assessments, including penetration testing
Encryption and Key Management
We employ strong encryption practices:
- Utilization of cloud-native key solutions (e.g., AWS KMS)
- Secure key storage and management
- Automated controls to prevent insecure key handling
By implementing these security measures, we are committed to protecting both our customers' data and our internal systems and processes. This holistic approach to security ensures the highest level of protection and reliability in our products and services.