Security

Securing Splunk Cloud

TechSec
Engager

I've found that for Splunk Enterprise, there is the Securing Splunk Enterprise document, outlining recommended security configurations.

Does a similar document exist for Splunk Cloud to ensure customers are taking the necessary actions for security?

0 Karma
1 Solution

livehybrid
SplunkTrust

Hi,

In terms of general OS hardening and communication between Splunk servers - this will be covered and dealt with by the Splunk team. This page has a section on security which might be appropriate: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Service/SplunkCloudservice

A few of the things to note -

* You are in control of your own Role-Based-Access-Control (RBAC) policies and procedures, such as ensuring an appropriate password policy is set, users have the right groups etc.
* You cannot use the same MFA options available on-prem (such as Duo) - instead you should consider using SAML auth and connecting to a system that allows MFA (such as Azure ActiveDirectory).
* You're also responsible for the elements that sit outside the SplunkCloud environment, such as heavy forwarders - these will need securing in the usual way. Splunk do provide a client certificate for connecting to the SplunkCloud index tier for sending your data securely.
* Only SplunkCloud approved apps can be used. Most apps (typically those not containing any (python) code) will pass automated vetting without any issues; however, some may require manual vetting by the CloudOps/Support team, who will check them for security compliance etc. This is to protect you from uploading anything that could cause harm to your environment, but also to allow Splunk to provide the level of service promised.

I hope this helps!

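The first two bullets above leave the customer owning RBAC and the SAML/MFA path. One way to actually review that, as an added example that is not code from this thread or from Splunk: a small offline script that reads the JSON shape returned by the `/services/authentication/users` and `/services/authorization/roles` REST endpoints (`output_mode=json`), resolves capabilities through `imported_roles`, and flags accounts that either authenticate locally (and so never pass through the SAML/MFA provider) or end up with privileged capabilities. The sample documents are constructed, the `type` field is assumed to read `Splunk` for local accounts and `SAML` for federated ones, and which capabilities count as high-risk is a policy assumption you would tune.

```python
"""Offline RBAC review for a Splunk Cloud stack.

Added example, not from the original thread. Input is the JSON shape of
/services/authentication/users and /services/authorization/roles
(output_mode=json). The sample payloads below are constructed for offline
use; the 'type' values (Splunk = local, SAML = federated) and the set of
high-risk capabilities are assumptions to adjust to your own policy.
"""
import json
from typing import Dict, List, Optional, Set

# Real Splunk capability names; treating these as privileged is a policy choice.
HIGH_RISK_CAPABILITIES = {
    "admin_all_objects",
    "edit_user",
    "edit_roles",
    "change_authentication",
    "delete_by_keyword",
}

# Constructed sample: trimmed /services/authentication/users?output_mode=json
SAMPLE_USERS = json.dumps({"entry": [
    {"name": "admin", "content": {"type": "Splunk", "roles": ["admin"]}},
    {"name": "alice@example.com", "content": {"type": "SAML", "roles": ["user", "power"]}},
    {"name": "svc-forwarder", "content": {"type": "Splunk", "roles": ["forwarder_role"]}},
    {"name": "bob@example.com", "content": {"type": "SAML", "roles": ["soc_admin"]}},
]})

# Constructed sample: trimmed /services/authorization/roles?output_mode=json
SAMPLE_ROLES = json.dumps({"entry": [
    {"name": "admin", "content": {"capabilities": ["admin_all_objects", "edit_user"], "imported_roles": []}},
    {"name": "power", "content": {"capabilities": ["schedule_search"], "imported_roles": ["user"]}},
    {"name": "user", "content": {"capabilities": ["search"], "imported_roles": []}},
    {"name": "forwarder_role", "content": {"capabilities": ["edit_forwarders"], "imported_roles": []}},
    {"name": "soc_admin", "content": {"capabilities": ["delete_by_keyword"], "imported_roles": ["power"]}},
]})


def load_entries(payload: str) -> Dict[str, dict]:
    """Index a REST 'entry' list as name -> content."""
    return {e["name"]: e["content"] for e in json.loads(payload)["entry"]}


def effective_capabilities(role: str, roles: Dict[str, dict],
                           seen: Optional[Set[str]] = None) -> Set[str]:
    """Direct capabilities of a role plus everything inherited transitively
    through imported_roles. 'seen' stops an import cycle from recursing forever."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:
        return set()
    seen.add(role)
    caps = set(roles[role].get("capabilities", []))
    for parent in roles[role].get("imported_roles", []):
        caps |= effective_capabilities(parent, roles, seen)
    return caps


def review_users(users_payload: str, roles_payload: str,
                 local_allowlist: Set[str] = frozenset()) -> List[dict]:
    """Return one finding per (user, issue). Locally authenticated accounts
    outside the allowlist are flagged because the SAML-side MFA control does
    not apply to them; any account whose effective capabilities intersect
    HIGH_RISK_CAPABILITIES is flagged as privileged."""
    users = load_entries(users_payload)
    roles = load_entries(roles_payload)
    findings = []
    for name, content in users.items():
        if content.get("type") == "Splunk" and name not in local_allowlist:
            findings.append({"user": name, "issue": "local-auth",
                             "detail": "local account; SAML/MFA does not apply"})
        caps: Set[str] = set()
        for role in content.get("roles", []):
            caps |= effective_capabilities(role, roles)
        risky = sorted(caps & HIGH_RISK_CAPABILITIES)
        if risky:
            findings.append({"user": name, "issue": "privileged",
                             "detail": ", ".join(risky)})
    return findings


if __name__ == "__main__":
    # Break-glass or service accounts you knowingly keep local go in the allowlist.
    for f in review_users(SAMPLE_USERS, SAMPLE_ROLES, local_allowlist={"svc-forwarder"}):
        print(f"{f['user']:<20} {f['issue']:<11} {f['detail']}")
```

Against a live stack you would replace the two constructed payloads with the responses of the two endpoints (queried with a read-only token) and review the output on a schedule; the allowlist exists so a deliberate break-glass account is recorded as an accepted exception rather than silently ignored.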


TechSec
Engager

Thanks for the assistance @livehybrid

0 Karma