Two concerns come up when moving on-prem data to the cloud:
1. Data sensitivity - What if confidential data is lost (in transit or at rest)?
2. Authentication - Logging in to the cloud, there is no 2FA or anything, just username and password, and the user can just log in like this.
I would like to ask cloud users: how do you manage to overcome these 2 concerns when shifting your data to Splunk Cloud?
1. Splunk Cloud uses TLS 1.2/SSL for data in transit.
https://www.splunk.com/en_us/about-splunk/splunk-data-security-and-privacy.html
2. You can configure SAML authentication with Splunk Cloud or enable 2FA - Duo Security, as per your requirement.
https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/SAMLConfigJWT
https://duo.com/docs/splunk#configure-duo-for-splunk-6.5-and-later
Any confidential data/PII must ideally be masked as per normal standards for governance and compliance purposes, unless there's a business use case for it requiring the data to be stored and processed in the cloud.
1. I would like to explore a more secure way on top of just TLSv1.2.
If data must be masked, might as well deploy on-prem.
2. SAML authentication seems complicated; the link does not show how to configure SAML authentication for Duo.
This page shows that Splunk Cloud can't configure MFA:
https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/AboutMultiFactorAuth