Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Apr. 30, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We integrate our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats into our enterprise risk management program, which references aspects of recognized frameworks such as the National Institute of Standards and Technology Cybersecurity Framework and entails assessments against applicable standards such as ISO 27001, SOC 2, PCI, and FedRAMP. Our cybersecurity program encompasses the key elements described below: Collaboration. We employ a cross-functional, risk-based approach to identify and address anticipated and real-time threats to our cybersecurity. Our internal security, risk, and compliance personnel meet regularly to develop strategies for preserving the confidentiality, integrity and availability of corporate, customer, and other third-party information, identifying, preventing and mitigating cybersecurity threats, and effectively responding to cybersecurity events and incidents. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents, if applicable, can be made in a timely manner. Our in-house global threat research team, Elastic Security Labs, a team of security engineers, practitioners, and researchers, works to identify and prevent emerging threats, using malware reverse engineering, behavior analytics, data science and AI. We use the research generated by Elastic Security Labs and other sources to implement security checks and reviews throughout our product development lifecycle. Risk Assessment. At least annually, we conduct a cybersecurity risk assessment that takes into account information from our internal security, risk, and compliance functions, known information security vulnerabilities, and information from external sources, including reported security incidents that have affected other companies, industry trends, and evaluations by third parties and consultants. We also conduct risk-based cybersecurity tabletop exercises periodically to test our internal readiness and response planning. Incident Response and Recovery Planning. Our cybersecurity program includes a dedicated cybersecurity function led by our Chief Information Security Officer (“CISO”). As part of our cybersecurity function, our Distributed Security Response Team (“DSRT”) administers a program to monitor, detect, investigate, respond to, and escalate management of internal and external cybersecurity threats and incidents. The DSRT provides threat intelligence information from internal and external resources to our CISO, broader security and resiliency organization, and relevant business units and functional areas as one source within our risk assessment process. Our cybersecurity function partners closely with our Data Privacy organization, led by the Business Integrity Officer, and others within the Legal organization to ensure prompt response on data breach and any other regulatory notification requirements. We have incident response and recovery plans that we test and evaluate for effectiveness in accordance with industry standards. Third-Party Risk Management. We have implemented controls designed to identify and mitigate cybersecurity threats associated with our use of certain third-party service providers. These providers are subject to security risk assessments, including open-source security review procedures, at the time of onboarding, contract renewal, and upon detection of a significant increase in risk profile. We use a variety of inputs in the risk assessments, including information supplied by providers and third parties. In addition, we require these providers to meet appropriate security requirements, controls and responsibilities, and we investigate security incidents that have impacted our third-party providers. Education and Awareness. Our policies require each of our employees to contribute to our data security efforts. We regularly reinforce with our employees the importance of handling and protecting customer and employee data, including through mandatory annual privacy, security and responsible AI use training to enhance employee awareness of how to detect and respond to cybersecurity threats. We also perform periodic phishing tests for groups with critical access. External Assessments. Our cybersecurity program is regularly assessed by consultants and third-party auditors. These assessments include information security maturity evaluations, audits, and independent reviews of our information security control environment and operating effectiveness. The results of significant assessments are reported to management and then summarized for presentation to our Audit Committee and board of directors. We adjust our cybersecurity processes based on these results. We have obtained industry certifications and attestations that demonstrate our dedication to protecting the data our customers entrust to us. Information about such certifications can be found on our website.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We integrate our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats into our enterprise risk management program, which references aspects of recognized frameworks such as the National Institute of Standards and Technology Cybersecurity Framework and entails assessments against applicable standards such as ISO 27001, SOC 2, PCI, and FedRAMP. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our board of directors oversees the Company’s risk management process. It has delegated to our Audit Committee the primary responsibility for executing oversight of our cybersecurity risk management processes. In performing this role, the Audit Committee receives regular reports from our CISO and other members of management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. The Audit Committee also considers regular updates from management on our cybersecurity risk profile based on risk assessments, progress of risk reduction initiatives, third-party auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents. The Audit Committee reports quarterly to our board of directors regarding the Audit Committee’s activities in overseeing cybersecurity risk management. The Audit Committee generally receives materials, including a cybersecurity scorecard and other materials indicating current and emerging cybersecurity threat risks and describing our ability to mitigate those risks, and discusses such matters with our CISO. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors oversees the Company’s risk management process. It has delegated to our Audit Committee the primary responsibility for executing oversight of our cybersecurity risk management processes. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | In performing this role, the Audit Committee receives regular reports from our CISO and other members of management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. The Audit Committee also considers regular updates from management on our cybersecurity risk profile based on risk assessments, progress of risk reduction initiatives, third-party auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents. The Audit Committee reports quarterly to our board of directors regarding the Audit Committee’s activities in overseeing cybersecurity risk management. The Audit Committee generally receives materials, including a cybersecurity scorecard and other materials indicating current and emerging cybersecurity threat risks and describing our ability to mitigate those risks, and discusses such matters with our CISO. |
| Cybersecurity Risk Role of Management [Text Block] | Our cybersecurity program efforts are directed by our CISO who, with the support of the Chief Financial Officer, the Chief Product Officer, and the Chief Legal Officer, has the primary responsibility for assessing and managing material cybersecurity risks. The CISO along with these members of our management, who also have received training and have experience with cybersecurity, acting as a group, drive alignment on security decisions across the Company. The CISO and various members of this group generally meet quarterly with the Audit Committee to review security performance metrics, identify security risks and review mitigation strategies, and assess the status of approved security enhancements. Our CISO has served in various roles in IT, information security and risk management for over 28 years, including serving as the Information Security Officer and Chief Security Officer of multiple companies. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity program efforts are directed by our CISO who, with the support of the Chief Financial Officer, the Chief Product Officer, and the Chief Legal Officer, has the primary responsibility for assessing and managing material cybersecurity risks. The CISO along with these members of our management, who also have received training and have experience with cybersecurity, acting as a group, drive alignment on security decisions across the Company. The CISO and various members of this group generally meet quarterly with the Audit Committee to review security performance metrics, identify security risks and review mitigation strategies, and assess the status of approved security enhancements. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO has served in various roles in IT, information security and risk management for over 28 years, including serving as the Information Security Officer and Chief Security Officer of multiple companies. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our cybersecurity program efforts are directed by our CISO who, with the support of the Chief Financial Officer, the Chief Product Officer, and the Chief Legal Officer, has the primary responsibility for assessing and managing material cybersecurity risks. The CISO along with these members of our management, who also have received training and have experience with cybersecurity, acting as a group, drive alignment on security decisions across the Company. The CISO and various members of this group generally meet quarterly with the Audit Committee to review security performance metrics, identify security risks and review mitigation strategies, and assess the status of approved security enhancements. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |