Elastio deploys using read-only API access. No agents. No write access. This page documents our security program, certifications, and how to access full documentation.
Security Program
End-to-end controls across identity, infrastructure, development, detection, and compliance.
SSO enforced. Phishing-resistant FIDO2 MFA required. IAM roles and short-lived tokens for cloud access. Just-in-time production access — no standing privileges. Zero-trust network access for remote connections.
Production runs as immutable infrastructure managed through IaC. All configuration changes undergo automated security checks and approval. Unauthorized changes auto-detected and escalated.
Automated secret scanning, SAST, DAST, and container image scanning on every build. Mandatory peer review. Security design reviews for new features. Threat modeling integrated into engineering.
SIEM ingests telemetry from corporate, development, and production environments. Detections routed to on-call engineers via paging. Global security team for triage and remediation.
Continuous scanning across infrastructure and dependencies. Severity-based remediation SLAs. Critical findings resolved before release. Annual third-party penetration test.
All vendors handling customer data assessed before onboarding. Subprocessor list maintained. DPA terms available for regulated environments. Annual review cycle for critical suppliers.
Annual SOC 2 Type II audit covering security, availability, and confidentiality. AWS-validated Security and Storage Competencies. All audit reports available to customers on request.
TLS 1.2+ in transit. AES-256 at rest. AWS KMS and Azure Key Vault for key management. CMK supported. Automated controls prevent keys from being stored through unapproved channels.
Certifications
Third-party validated security posture across cloud and enterprise standards.
Security, Availability, Confidentiality · Annual · Platform and internal operations · Report available under NDA
Request Report
AWS-validated security proficiency · Publicly verifiable on APN
View on APN
AWS-validated storage expertise · Publicly verifiable on APN
View on APN
Security, reliability, operational excellence, performance, cost · Publicly verifiable on APN
View on APN
Documentation
Full platform security documentation accessible via the support portal. Evaluators provisioned within one business day.
Full documentation available in the support portal. Verified customers access directly. Evaluators and prospects request access below — provisioned within one business day.
Disclosure & Contact
Responsible disclosure, vendor questionnaires, and direct security contact.
Report a security vulnerability in the Elastio platform. Include: description, reproduction steps, and potential impact. Acknowledgment within 24 hours, remediation timeline within 72 hours. No public bug bounty program.
security@elastio.com →
Security questionnaires, pen test authorization requests, audit support, and documentation not covered by the portal. CAIQ, SIG Lite, and custom formats supported. Standard turnaround 5 business days.
security@elastio.com →
Security Review
Request the SOC 2 report, security questionnaire, or a direct call with the security team. Reach us at security@elastio.com or through the contact form.