Secure by Design ChaosSearch provides a full set of features to keep your data safe

ChaosSearch leverages best practices and technologies to deliver a highly secure service, including encrypting data in transit, support RBAC and SSO, and using storage-based isolation directly within your Amazon S3.

SSO

Single sign on (SSO)

ChaosSearch supports single sign-on (SSO) as a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises, smaller organizations, and individuals to mitigate the management of various usernames and passwords.

Role-based access control (RBAC)

Granular, role-based access control (RBAC) enables you to control the actions a user can perform on your Elasticsearch cluster. Roles control cluster operations, access to indices, and even the fields and documents users can access. ChaosSearch RBAC also supports multi-tenant environments, allowing multiple teams to share the environment while only being able to access their team's data and dashboards.

RBAC-graphic
Chaos-Audit

Audit logging

With audit logging, you can record and track all the actions performed by users in your ChaosSearch environment and monitor any suspicious activity, which is essential for security incident response. Audit logging also helps you remain compliant with government and industry regulations such as GDPR, HIPAA, PCI, and ISO.

Encryption

Encryption in-transit is essential to prevent your data from being intercepted when in-transit from your clients or between nodes within your cluster. Open Distro for Elasticsearch supports OpenSSL and TLS 1.2, allowing you to meet stringent security and compliance requirements while providing easy integration with your PKI infrastructure.

key-distro-graphics_v01_encryption
Storage-Isolation

Storage-based isolation

ChaosSearch leverages Amazon S3 and its associated access control policy constructs to isolate customers. The ability to control visibility from the storage layer (i.e. where the data actually resides), in a central location, is the most secure and simplest mode to operate. And with S3’s advance Identify and Access Management (IAM) functionality and roles, the combination of storage-base folder structure isolation together with an IAM’s Role Based Access Control (RBAC) overlay, is a perfect match.

 

Please visit our security page for information on our security and compliance certifications.