Splunk Cloud Platform

Migration to Splunk cloud

z080236
Explorer

Two concerns come when moving on-prem data to the cloud:

 

1. Data sensitivity- What if confidential data is lost? (in transit or at rest)

2. Authentication - Login into the cloud, there is no 2FA or anything, just username and password, and the user can just login like this.

 

Would like to ask cloud users how do you manage to overcome these 2 concerns when shifting your data to Splunk cloud?

Labels (1)
0 Karma

Gr0und_Z3r0
Contributor

1.  Splunk cloud uses TLS 1.2/SSL  for data in transit.
https://www.splunk.com/en_us/about-splunk/splunk-data-security-and-privacy.html 
2.  You can configure SAML authentication with Splunk Cloud  or enable 2FA - Duo Security as per your requirement
https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/SAMLConfigJWT 
https://duo.com/docs/splunk#configure-duo-for-splunk-6.5-and-later 

Any confidential data/PII must be ideally masked as per normal standards for governance and compliance purposes, unless there's a business use case for it requiring the data to be stored and processed in cloud.

0 Karma

z080236
Explorer

1. Will like to explore more secure way on top of just TLSv1.2

If data must be masked, might as well deploy on-prem. 

2.SAML authentication seems complicated, the link does not show how to configure SAML authentication for Duo

 

Here shows Splunk cloud can't configure MFA

https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/AboutMultiFactorAuth

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...