SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Elastic ties security platform to Google's air-gapped cloud

Fri, 24th Apr 2026

Elastic has integrated its security platform with Google Distributed Cloud air-gapped environments, positioning it as a built-in security layer for organisations running sensitive workloads in isolated systems.

The collaboration centres on Google Distributed Cloud air-gapped, a managed environment for customers that need systems disconnected from the internet while maintaining tight control over data and operations. In those environments, Elastic's security platform provides analytics, automation, and extended detection and response tools for customers facing increasingly complex cyber threats.

The move targets organisations in regulated sectors that operate under strict sovereignty and compliance rules, including defence, government, and critical infrastructure. Air-gapped systems are common in these settings because they are physically or logically separated from external networks. That isolation, however, can make monitoring and incident response more difficult.

The integrated setup combines security information and event management, extended detection and response, and automation in a single platform. Artificial intelligence tools are also built into prevention, detection, and response functions within those disconnected environments.

The approach reflects a broader shift among security suppliers and cloud providers as public sector and regulated industry customers seek modern tools without weakening controls over where data resides and how it is handled. It also comes as governments and large institutions face growing pressure to respond to cyber threats that are becoming more automated.

Google described the collaboration as an added security layer for customers with stringent sovereignty requirements.

"Google Distributed Cloud air-gapped is a fully managed solution that empowers organizations to innovate securely while addressing their most stringent sovereignty and regulatory requirements," said Rohan Grover, Senior Director, Product at Google Distributed Cloud.

"For organizations requiring an additional layer of security, Elastic's agentic security operations platform brings enhanced data security and data sovereignty capabilities to customers, helping them to combat modern, AI-driven cyber threats," Grover added.

Regulated sectors

The integrated platform is intended to help customers meet strict regulatory requirements at both the application and data layers, including support for log retention and data visibility. It is also designed to reduce oversight gaps by bringing multiple security functions into one platform, cutting the operational burden of managing many separate tools.

Analysts in security operations centres can use embedded AI tools, including Attack Discovery and AI Assistant, within the air-gapped environment. According to Elastic, those functions can work with Google large language models in isolated deployments.

That matters for operators of disconnected systems because many AI-based security tools rely on cloud connectivity that is unavailable in sovereign or isolated settings. Air-gapped deployments, by contrast, are intended to preserve that separation while still providing automation and data analysis tools to support threat and incident investigations.

Mike Nichols, General Manager, Security at Elastic, said the integration is aimed at organisations operating under those constraints.

"Security teams in highly regulated, air-gapped environments face growing challenges detecting and responding to AI-driven threats while maintaining strict data sovereignty and compliance requirements," Nichols said. "This integration brings a unified, agentic security operations platform designed to meet those demands."

Broader context

The announcement comes as sovereign cloud and isolated computing environments draw greater attention in national security and public sector technology planning. Governments are looking for ways to modernise ageing systems while keeping sensitive workloads under domestic control and inside tightly governed environments.

In Australia, the debate has intensified around defence modernisation and the use of artificial intelligence in sensitive systems. Defence and public sector agencies are under pressure to strengthen cyber resilience and data handling while ensuring critical systems can operate in constrained or disconnected conditions.

Elastic pointed to earlier work in sensitive government environments to show it already operates in heavily regulated settings. In late 2025, the company partnered with the Cybersecurity and Infrastructure Security Agency and ECS to standardise cybersecurity monitoring across US federal agencies, with CISA using Elastic to provide SIEM-as-a-service across Federal Civilian Executive Branch agencies.

According to Elastic, that earlier work focused on reducing costs linked to data access and retention, suggesting a broader strategy to deepen its presence in government security operations. The Google Distributed Cloud integration extends that effort into environments where disconnection and sovereignty requirements are central design constraints rather than secondary considerations.

Google and Elastic are effectively betting that customers in defence, government, and other tightly regulated sectors want modern security operations tools delivered within infrastructure that does not depend on conventional public cloud access. The challenge for both companies will be to show those tools can operate effectively in isolated systems where procurement cycles are long, controls are strict, and operational risk is high.

Elastic said the integrated Google Distributed Cloud air-gapped offering will be generally available in May 2026.