Secure your Elastic Cloud organization
Elastic Cloud Hosted Serverless
This section covers security settings for your Elastic Cloud organization, the platform for managing Elastic Cloud Hosted deployments and serverless projects.
Managed by Elastic
As a managed service, Elastic automatically handles a number of security features with no configuration required:
- TLS-encrypted communication is provided in the default configuration. Elasticsearch nodes communicate using TLS.
- Encryption at rest. By default, all of your Elastic Cloud resources are encrypted at rest. Note that you can choose to encrypt your Elastic Cloud Hosted deployments using your own encryption key.
- Cluster isolation. Elasticsearch nodes run in isolated containers, configured according to the principle of least privilege, and with restrictions on system calls and allowed root operations.
Additional organization-level security settings
To reinforce the security of your organization, consider implementing the following measures:
- Organization-level SSO. Note that for Elastic Cloud Hosted deployments, you can also configure SSO at the deployment level.
- Cloud role-based access control: Define the roles of users who have access to your organization and its resources. Note that for Elastic Cloud Hosted deployments, you can also manage non-cloud users and roles.
- Cloud API keys: Manage API keys used for programmatic access to Elastic Cloud and Elastic Cloud serverless APIs.
Additional deployment-level security settings
While serverless projects are fully managed and secured by Elastic, additional security settings are available for you to configure individually for your Elastic Cloud Hosted deployments. Refer to Secure your cluster or deployment for more information.
In addition, multifactor authentication is mandatory for all Elastic Cloud users belonging to your organization. For more information on the available authentication methods, refer to Multifactor authentication.