Company
Date Published
Author
Daniel Berman
Word count
1035
Language
English
Hacker News points
None

Summary

Recent incidents have highlighted the vulnerability of sensitive data stored in Elasticsearch clusters, often due to the lack of built-in authentication in Elasticsearch and Kibana, which are accessible via a REST API over HTTP. To mitigate security risks, a common approach is to deploy nginx as a reverse proxy with basic authentication in front of Elasticsearch and Kibana. This involves configuring Elasticsearch and Kibana to bind to localhost, changing their default ports, and setting up nginx with authentication credentials. Although this solution closes some security gaps, it does not address all potential vulnerabilities, suggesting that a managed service like Logz.io, which offers comprehensive security features, might be more suitable for production environments. The article also hints at future enhancements, such as incorporating SSL for encrypted traffic, to further bolster security.
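A way to check that the hardening summarised above is actually in place, as an added example that is not code from the original article: it audits the three config files for loopback binding and for basic auth on every proxied nginx location. The function names, ports, paths and htpasswd location are assumptions, and the sample configs are constructed.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "_local_"}  # _local_ is Elasticsearch's loopback alias

def yaml_value(text, key):
    """Value of a flat, uncommented `key: value` line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*:\s*(\S+)", text, re.M)
    return m.group(1).strip("\"'") if m else None

def directive(block, name):
    """Argument of the first nginx directive `name ...;` in block, or None."""
    m = re.search(rf"\b{name}\s+([^;]+);", block)
    return m.group(1).strip() if m else None

def audit(es_yml, kibana_yml, nginx_conf):
    findings = []
    # The backends must listen on loopback only, so nginx is the sole way in.
    for svc, text, key in (("elasticsearch", es_yml, "network.host"),
                           ("kibana", kibana_yml, "server.host")):
        host = yaml_value(text, key)
        if host not in LOOPBACK:
            findings.append(f"{svc}: {key}={host} is not loopback")
    conf = re.sub(r"#.*", "", nginx_conf)
    # Directives outside location blocks are inherited (assumes one server block).
    outer = re.sub(r"location[^{]*\{[^}]*\}", "", conf)
    for path, body in re.findall(r"location\s+([^{]+?)\s*\{([^}]*)\}", conf):
        target = directive(body, "proxy_pass")
        if target is None:
            continue
        realm = directive(body, "auth_basic") or directive(outer, "auth_basic")
        users = directive(body, "auth_basic_user_file") or directive(outer, "auth_basic_user_file")
        if realm in (None, "off") or not users:
            findings.append(f"nginx: location {path} proxies without basic auth")
        backend = re.match(r"https?://([^:/\s]+)", target)
        if not backend or backend.group(1) not in LOOPBACK:
            findings.append(f"nginx: location {path} proxies to a non-loopback backend")
    return findings

# Constructed sample configs; ports, paths and the htpasswd location are assumptions.
HARDENED = ("network.host: 127.0.0.1\nhttp.port: 9201\n",
            'server.host: "127.0.0.1"\nserver.port: 5602\n',
            """server { listen 80;
  auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd.users;
  location / { proxy_pass http://127.0.0.1:5602; }
  location /es/ { proxy_pass http://127.0.0.1:9201/; } }""")
EXPOSED = ("network.host: 0.0.0.0\n", "# server.host left unset\n",
           "server { listen 80; location / { auth_basic off; proxy_pass http://10.0.0.5:5601; } }")
```

Calling `audit(*HARDENED)` returns an empty list, while `audit(*EXPOSED)` reports the non-loopback bindings, the unauthenticated location and the non-loopback backend.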