Softcat Limited

Elasticsearch Service

Hosted/managed Elasticsearch & Kibana brought to you by the creators of the Elastic Stack to help you with logging, app search, site search, security analytics (SIEM), metrics, APM, and more. Elastic Cloud ships with X-Pack features including monitoring and security features like default encryption at rest and native authentication.

Features

  • Default Security with Encryption, Authentication, and Role-based Access Control
  • Machine Learning for Anomaly Detection on Time-Series Data
  • Graph Analytics & Reporting tools
  • Built-in Query Based Alerting
  • Elastic-specific Monitoring Tools
  • Application Performance Monitoring (APM)
  • Custom plugins support & Transport client Support
  • Field & Document-level Security

Benefits

  • One-click Upgrades & Scaling
  • Same Day Access to Elastic Stack Version Releases
  • Automatic backups every 30 mins for robust failure recovery
  • Elastic SLA-Based Technical Support
  • Instant Rollout of Elasticsearch and Kibana Security Patches
  • Elastic Maps Service (geo) - out of the box
  • Cross Zone Replication, support for up to 3 availability zones
  • Uptime SLA for Platinum customers

Pricing

£12.28 per gigabyte

Service documents

G-Cloud 10

957887124045989

Softcat Limited

Charles Harrison

01612725766

psitq@softcat.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements N/A

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Refer to https://www.elastic.co/legal/support_policy/cloud_premium for SLAs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support policy and response times can be found here: https://www.elastic.co/legal/support_policy/cloud_premium
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Elastic provides a range of resources to help customers get started on Elastic Cloud. These include: comprehensive documentation, webinars and videos, public trainings, private trainings, on-demand trainings, customer stories, partners, professional support, consulting, and access to Elasticsearch engineers.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Customers may use the snapshot and restore method to extract their data.
End-of-contract process You may terminate this Agreement at any time by cancelling your Account with Elastic Cloud. Termination of this Agreement shall neither release you from any obligations undertaken under the clauses of this Agreement, nor from any obligations to pay us for any outstanding fees. Any outstanding fees will be billed to you or withdrawn from your registered credit card. You will not receive any refunds by cancelling your Account. You are solely responsible for deleting or retrieving your Data from Elastic Cloud prior to termination of your Account for any reason. If we terminate your Account, we will provide you with a reasonable opportunity to retrieve your Data from Elastic Cloud, if you so request. Such a request must be sent by email to Elastic within seven (7) days after you receive notice regarding the termination. In any event, Data will be deleted from Elastic Cloud no earlier than fourteen (14) days after the termination notice regarding your Account has been sent to you.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API Any operations that can be performed in the UI can be replicated as an API call.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available No

Scaling

Scaling
Independence of resources We use Docker and cgroups to guarantee a customer's share of the underlying resources. This ensures that customers are allocated the exact RAM, Storage, and CPU that they pay for - no more, no less.

Analytics

Analytics
Service usage metrics Yes
Metrics types The X-Pack monitoring features let you monitor Elasticsearch through Kibana. You can view your cluster’s health and performance in real time and analyze past cluster, index, and node metrics.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Elastic

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Restoring snapshots into a custom repository - https://www.elastic.co/guide/en/cloud/current/custom-repository.html
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats Other
Other data import formats Details can be provided upon request

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Elastic Cloud Gold and Platinum customers have a 99.95% uptime SLA.
Approach to resilience Nodes are provisioned in additional Availability Zones within the same region if the customer chooses. Customer would need to configure replication to take advantage of the additional nodes. An Elastic Cloud cluster running across 3 data centers would be a single Elasticsearch cluster, with a copy of the data residing in each availability zones, all replicating to one another and being load balanced by the endpoint.
Outage reporting Any operational outages are updated live on this page here: https://cloud-status.elastic.co/.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Elastic Cloud clusters are protected with X-Pack Security that provides native authentication (to the Elastic Cloud management GUI), Role-Based Access Controls, and field & document level security
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach No - Elastic doesn't currently have any certifications for Elastic Cloud. We are working on certification for SOC2 Type 2 compliance and have engaged an auditor. We don't currently have a timeline for certification that we can share outside of Elastic. In addition, an Information Security Program, generally aligned with the ISO 27001 framework, has been defined which includes an Elastic Information Security Governance Policy and associated standards. These are expected to be approved and implemented in 2018.
Information security policies and processes Elastic's Senior Director of Information Security leads security efforts for the company, and is supported by the company's Information Security Staff, VP of Legal, and Director of Product, Security Market. The company has a Data Protection Officer for its European operations. An Information Security Program, generally aligned with the ISO 27001 framework, has been defined. An Elastic Information Security Governance Policy has been drafted which defines the documents below, and are currently under review: Privacy policy Access Control Standard Asset Management Standard Change Management Standard Vulnerability Management Standard Data Classification Standard Security Analysis and Logging Standard Incident Management Standard Supplier Assessment Standard These are expected to be approved and implemented in 2018.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Elastic's draft Information Security Governance Policy has been drafted, and is currently under review, and is expected to be approved and adopted in 2018. This policy specifies a Change Management Standard which also includes a section on the Systems Development Life Cycle. The Elastic Cloud team change process is defined within their Github repositories. Process requires that every "service deployment" undergoes a review cycle and forms a permanent record tagged with the details of the service deployment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The process follows CVE since it is an industry standard, and we also have an exception process to account for risk management & mitigating controls. Elastic maintains a documented public process for submitting vulnerabilities and security-related issues at https://www.elastic.co/community/security. The company follows a documented process on responding to vulnerability and other security-related reports. The company has created a team of the most security-knowledgeable people on each product collaborating to evaluate and respond to reports in a private mailing list. The company also publishes vulnerabilities via Bugtraq and also public announcements at https://discuss.elastic.co/c/security-announcements.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Elastic's Information Security Governance Policy has been drafted, and is currently under review, and is expected to be approved and adopted in 2018. It is generally aligned to ISO 27001. This policy specifies an incident Management Standard and associated processes, which are expected to be implemented in 2018. These specify: - How Elastic identifies potential compromises - The process for responding to potential compromises - How quickly Elastic responds to incidents
Incident management type Supplier-defined controls
Incident management approach Elastic's Information Security Governance Policy has been drafted, and is currently under review, and is expected to be approved and adopted in 2018. It is generally aligned to ISO 27001. This policy specifies an incident Management Standard and associated processes, which are expected to be implemented in 2018 and take into account ISO/IEC 27035:2016 and NIST.SP.800-61r2. These specify: - predefined processes for common events - how users should report incidents - customer communications when customers are affected, on a case by case basis, including private meetings to review events We are working on certification for SOC2 Type 2 compliance.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £12.28 per gigabyte
Discount for educational organisations No
Free trial available Yes
Description of free trial Elastic Cloud offers a 14-day trial cluster (4 GB RAM / 96 GB SSD / 2 HA).
Link to free trial https://www.elastic.co/cloud/elasticsearch-service/signup

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑