Splunk Cloud Platform

Migration to Splunk cloud

z080236
Explorer

Two concerns come when moving on-prem data to the cloud:

 

1. Data sensitivity- What if confidential data is lost? (in transit or at rest)

2. Authentication - Login into the cloud, there is no 2FA or anything, just username and password, and the user can just login like this.

 

Would like to ask cloud users how do you manage to overcome these 2 concerns when shifting your data to Splunk cloud?

Labels (1)
0 Karma

Gr0und_Z3r0
Contributor

1.  Splunk cloud uses TLS 1.2/SSL  for data in transit.
https://www.splunk.com/en_us/about-splunk/splunk-data-security-and-privacy.html 
2.  You can configure SAML authentication with Splunk Cloud  or enable 2FA - Duo Security as per your requirement
https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/SAMLConfigJWT 
https://duo.com/docs/splunk#configure-duo-for-splunk-6.5-and-later 

Any confidential data/PII must be ideally masked as per normal standards for governance and compliance purposes, unless there's a business use case for it requiring the data to be stored and processed in cloud.

0 Karma

z080236
Explorer

1. Will like to explore more secure way on top of just TLSv1.2

If data must be masked, might as well deploy on-prem. 

2.SAML authentication seems complicated, the link does not show how to configure SAML authentication for Duo

 

Here shows Splunk cloud can't configure MFA

https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/AboutMultiFactorAuth

 

0 Karma
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...