Elasticsearch offers encryption at rest (on disk) and in transit (between servers). So why are these data breaches so common?
There are a couple of reasons:
#1 Elasticsearch does not allow you to search data while it’s encrypted. “In order to search the data, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “This, of course, compromises security.”
#2 Unprotected apps running on top of your Elasticsearch clusters pose security risks. “Take Kibana, for instance,” explains Selvaraj. “Kibana is an open-source analytics and visualization platform. It’s browser-based and fetches data from your Elasticsearch databases so you can do advanced analysis on the data, and then present it visually with charts, tables and maps.” Although admins can securely configure Kibana, he explains, many don’t do it properly and there isn’t sufficient security baked in.