Guiding Principles

Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are dedicated to keeping your data secure and private. We are committed to adhering to global and industry compliance initiatives. We prepare for incidents, and we help you prepare, respond to and remediate the consequences of any incidents.

Security by Design

Security and compliance are top-of-mind throughout our development process. Our products are designed to meet your data handling needs, with access controls, auditability, assurance of data integrity, and integration with enterprise single sign-on solutions.

Training and Internal Policies

It’s not enough to build secure products. Every person at an organization is responsible for making sure data is secure. We train employees on policies and procedures for secure data handling, and use physical and procedural safeguards to help keep our facilities and equipment secure.

Meeting International and Industry Standards

Splunk complies with both industry and international security standards. This includes participating in rigorous third-party audits that verify security controls for our cloud solutions.




The Details

Granular Access and Audit Controls

Role-based access and audit controls allow you to control and monitor the actions your Splunk users can take, and what data, tools and dashboards they can access.

  • Learn more about configuring role-based user access and audit controls.
  • You can build your own roles to map to your organization’s data access policies for different classes of users. You can also map Lightweight Directory Access Protocol (LDAP) or Security Assertion Markup Language (SAML) groups to different roles.

User Authentication

Splunk on-premises and cloud deployments support SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Splunk can also integrate with other authentication systems, including LDAP, Active Directory and e-Directory.


Data Encryption In-Transit

Splunk Cloud uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.

  • In Splunk on-premises deployments, you can use your own SSL certificates. Learn more here.

Data Encryption At-Rest

Splunk Cloud offers data encryption at rest using Advanced Encryption Standard (AES) 256-bit encryption. Encryption at rest is available as a premium service enhancement that customers can purchase.


Secure Data Access and Transport

Splunk on-premises and cloud software supports advanced anonymization to mask your confidential data from data analysis results and queries. Learn more about data anonymization. Splunk also secures user access with protocols such as HTTPS, or for on-premises deployments, Secure Shell (SSH) for command-line access.


Intrusion Detection

Splunk Cloud employs Host-based Intrusion Detection, which logs attempted access, and is reinforced with automatic alerts that are configured to trigger incident management procedures in certain cases.

  • Splunk collects its own log, event, and sensor-based data to continuously monitor, detect, and investigate suspicious activity as permitted by law.

Data Segregation for Splunk Cloud

Splunk Cloud deployments run in a secured environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.


Security for Splunk On-Premises Installations

Customers are responsible for the security of on-premises Splunk installations behind their firewall. To the extent Splunk personnel engaged in support or professional services are provided access to customer systems or facilities, Splunk personnel are subject to confidentiality obligations under Splunk’s customer agreements. Splunk personnel typically provide their configuration or other professional services directly on the customer devices behind the customer’s firewall.


Cyber Incident Response Plan (CIRP)

Splunk’s Cyber Incident Response Plan (CIRP) provides a framework for identifying, containing, and eradicating security incidents that may happen within our company. The CIRP establishes the actions and procedures that allow Splunk to prepare for incidents, initiate responsive action, remediate any consequences of an incident, and document lessons learned for iteration and improvement of internal processes. Splunk routinely tests its CIRP using a combination of spot checks, live simulations, and periodic training.


Data Integrity

With Splunk Enterprise, indexed data can be hashed to ensure fidelity over time, giving you confidence that your data hasn’t been altered. Individual events and streams of events can be signed. Splunk Enterprise also provides message integrity measures that show whether an event has been inserted or deleted from the original stream.


Secure Data Access Handling

Splunk software provides secure data handling, access controls, auditability, assurance of data integrity and integration with enterprise single sign-on solutions.


Vendors

Splunk retains suppliers, sub-processors, and other vendors (“Vendors”) who may perform services for Splunk or for customers on Splunk’s behalf. Each Vendor is required to provide a detailed assessment of their security protocols by completing a vendor risk assessment. Splunk only retains those Vendors that meet Splunk’s stringent security criteria and who provide at least the same level of protection to customer data as does Splunk.

  • When performing services at Splunk facilities, Vendors may only access the available Splunk guest network unless otherwise explicitly authorized. Periodically, Splunk may re-evaluate its Vendors’ security posture to help ensure compliance with evolving privacy and security policies and procedures.

Transparent Data Privacy Policy

We are committed to communicating how we collect, use, and disclose information you provide to us. Additional details including what data we collect, how we collect it, what we do with it, and how you can opt out are available on Splunk’s Privacy Policy.


Privacy Shield

The U.S. Department of Commerce, together with the European Commission, implemented the Privacy Shield Framework to provide an adequacy mechanism for the transfer of personal data from the European Economic Area to the United States. Splunk self-certified to the EU-U.S. Privacy Shield in September 2016.


Dedicated Data Protection Officer

Splunk employs a full-time DPO who is responsible for overseeing the collection and use of data at Splunk.


Security Certifications and Attestations (SOC 2 Type II, SOC 3, and ISO 27001)

Splunk Cloud maintains a comprehensive security program designed to protect your data’s confidentiality, integrity, and availability in accordance with the highest industry standards. Splunk Cloud has been certified by independent third-party auditors to meet SOC 2 Type II, SOC 3, and ISO 27001 security standards.


SOC 2 Type II Report

Splunk Cloud undergoes annual Service Organization Controls 2 (SOC 2) Type II audits to evaluate its information security system controls as they relate to the Security, Availability, and Confidentiality of the Trust Services Principles.


SOC 3 Report

Splunk Cloud undergoes an annual Service Organization Controls assessment (SOC 3). The SOC 3 public report is published to confirm that the security controls for Splunk Cloud have been examined by an independent audit firm.


ISO 27001 Certification

Splunk Cloud achieved the International Organization for Standardization’s information security standard 27001 (ISO 27001) certification in December 2015. ISO 27001 is a specification that outlines security requirements for an information security management system (ISMS). Splunk’s auditors’ ISO certification can be found here.


Common Criteria

Splunk Enterprise meets the National Information Assurance Partnership (NIAP) requirements for Common Criteria, found here.

