Splunk Cloud Platform

Migration to Splunk cloud

z080236
Explorer

Two concerns come when moving on-prem data to the cloud:

 

1. Data sensitivity- What if confidential data is lost? (in transit or at rest)

2. Authentication - Login into the cloud, there is no 2FA or anything, just username and password, and the user can just login like this.

 

Would like to ask cloud users how do you manage to overcome these 2 concerns when shifting your data to Splunk cloud?

Labels (1)
0 Karma

Gr0und_Z3r0
Communicator

1.  Splunk cloud uses TLS 1.2/SSL  for data in transit.
https://www.splunk.com/en_us/about-splunk/splunk-data-security-and-privacy.html 
2.  You can configure SAML authentication with Splunk Cloud  or enable 2FA - Duo Security as per your requirement
https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/SAMLConfigJWT 
https://duo.com/docs/splunk#configure-duo-for-splunk-6.5-and-later 

Any confidential data/PII must be ideally masked as per normal standards for governance and compliance purposes, unless there's a business use case for it requiring the data to be stored and processed in cloud.

0 Karma

z080236
Explorer

1. Will like to explore more secure way on top of just TLSv1.2

If data must be masked, might as well deploy on-prem. 

2.SAML authentication seems complicated, the link does not show how to configure SAML authentication for Duo

 

Here shows Splunk cloud can't configure MFA

https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/AboutMultiFactorAuth

 

0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...