Security

What are the security differences between Splunk Enterprise and Splunk Cloud?

ema
New Member

I'd like to know from a security's perspective, what are the differences between Splunk Cloud and Splunk Enterprise version? Are they both PCI-DSS and HIPAA compliant? Are there any customers that use both Splunk Cloud and Enterprise on prem?

0 Karma
1 Solution

pgreer_splunk
Splunk Employee
Splunk Employee

Splunk Cloud (managed service) is nearing PCI and HIPAA compliance, we're getting close.

Keep an eye out on http://www.splunk.com/en_us/products/splunk-cloud.html for more information in the future on compliance.

There are many customers that utilize Cloud as well as On-Prem independently and some as well that perform hybrid (searching across on-prem and cloud).

For PCI and HIPAA compliance for on-prem, that is up to the customer. The Splunk core software is by itself not something that fits a compliance criteria as there is much more to compliance than just the software package (processes, procedures, reporting, auditing, security, roles and responsibilities, etc. etc. etc.).

View solution in original post

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@ema@costco.com - Did the answer provided by pgreer help provide a solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma

mjoseff_splunk
Splunk Employee
Splunk Employee

Hi, Ema, it looks like parts two and three of your questions are answered below; regarding part one, are there specific aspects of security you are curious about? Are you asking about the deployment (cloud vs on-prem) aspects or wondering if the software differs?

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

Splunk Cloud (managed service) is nearing PCI and HIPAA compliance, we're getting close.

Keep an eye out on http://www.splunk.com/en_us/products/splunk-cloud.html for more information in the future on compliance.

There are many customers that utilize Cloud as well as On-Prem independently and some as well that perform hybrid (searching across on-prem and cloud).

For PCI and HIPAA compliance for on-prem, that is up to the customer. The Splunk core software is by itself not something that fits a compliance criteria as there is much more to compliance than just the software package (processes, procedures, reporting, auditing, security, roles and responsibilities, etc. etc. etc.).

View solution in original post

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!