Splunk Data Security and Privacy | Splunk

Splunk Protects

Data Privacy. Security. Compliance.
These matter to you. And they are imperative to us.
Guiding Principles

Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are dedicated to keeping your data secure and private. We are committed to adhering to global and industry compliance initiatives. We prepare for incidents, and we help you prepare, respond to and remediate the consequences of any incidents.

Security by Design

Security and compliance are top-of-mind throughout our development process. Our products are designed to meet your data handling needs, with access controls, auditability, assurance of data integrity, and integration with enterprise single sign-on solutions.

Training and Internal Policies

It’s not enough to build secure products. Every person at an organization is responsible for making sure data is secure. We train employees on policies and procedures for secure data handling, and use physical and procedural safeguards to help keep our facilities and equipment secure.

Meeting International and Industry Standards

Splunk complies with both industry and international security standards. This includes participating in rigorous third-party audits that verify security controls for our cloud solutions.

The Details

Granular Access and Audit Controls

Role-based access and audit controls allow you to control and monitor the actions your Splunk users can take, and what data, tools and dashboards they can access.

  • Learn more about configuring role-based user access and audit controls.
  • You can build your own roles to map to your organization’s data access policies for different classes of users. You can also map Lightweight Directory Access Protocol (LDAP) or Security Assertion Markup Language (SAML) groups to different roles.

User Authentication

Splunk on-premises and cloud deployments support SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Splunk can also integrate with other authentication systems, including LDAP, Active Directory and e-Directory.

  • Learn how to configure single sign-on in on-premises environments with SAML.
  • Learn how to configure single sign-on in Splunk Cloud with SAML.

Data Encryption In-Transit

Splunk Cloud uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.

  • In Splunk on-premises deployments, you can use your own SSL certificates. Learn more here.

Data Encryption At-Rest

Splunk Cloud offers data encryption at rest using Advanced Encryption Standard (AES) 256-bit encryption. Encryption at rest is available as a premium service enhancement that customers can purchase.

Secure Data Access and Transport

Splunk on-premises and cloud software supports advanced anonymization to mask your confidential data from data analysis results and queries. Learn more about data anonymization. Splunk also secures user access with protocols such as HTTPS, or for on-premises deployments, Secure Shell (SSH) for command-line access.

Intrusion Detection

Splunk Cloud employs Host-based Intrusion Detection, which logs attempted access, and is reinforced with automatic alerts that are configured to trigger incident management procedures in certain cases.

  • Splunk collects its own log, event, and sensor-based data to continuously monitor, detect, and investigate suspicious activity as permitted by law.

Data Segregation for Splunk Cloud

Splunk Cloud deployments run in a secured environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data. For more on Splunk Cloud security, see the Splunk Cloud Security Addendum.

Security for Splunk On-Premises Installations

Customers are responsible for the security of on-premises Splunk installations behind their firewall. To the extent Splunk personnel engaged in support or professional services are provided access to customer systems or facilities, Splunk personnel are subject to confidentiality obligations under Splunk’s customer agreements. Splunk personnel typically provide their configuration or other professional services directly on the customer devices behind the customer’s firewall.

  • Learn more about securing your Splunk configuration.

Splunk Incident Response Framework (SIRF)

The Splunk Incident Response Framework (SIRF) establishes the actions and procedures that help Splunk prepare for and respond to security incidents, including how to initiate responsive action, remediate any consequences, and document lessons learned for iteration and improvement of internal processes. Splunk tests its SIRF using a combination of planned reviews, live simulations, and periodic training.

Data Integrity

With Splunk Enterprise, indexed data can be hashed to ensure fidelity over time, giving you confidence that your data hasn’t been altered. Individual events and streams of events can be signed. Splunk Enterprise also provides message integrity measures that show whether an event has been inserted or deleted from the original stream.

  • Learn more about managing data integrity.

Secure Data Access Handling

Splunk software provides secure data handling, access controls, auditability, assurance of data integrity and integration with enterprise single sign-on solutions.


Splunk retains suppliers, sub-processors, and other vendors (“Vendors”) who may perform services for Splunk or for customers on Splunk’s behalf. Each Vendor is required to provide a detailed assessment of their security protocols by completing a vendor risk assessment. Splunk only retains those Vendors that meet Splunk’s stringent security criteria and who provide at least the same level of protection to customer data as does Splunk.

  • When performing services at Splunk facilities, Vendors may only access the available Splunk guest network unless otherwise explicitly authorized. Periodically, Splunk may re-evaluate its Vendors’ security posture to help ensure compliance with evolving privacy and security policies and procedures.

Transparent Data Privacy Policy

We are committed to communicating how we collect, use, and disclose information you provide to us. Additional details including what data we collect, how we collect it, what we do with it, and how you can opt out are available on Splunk’s Privacy Policy.

Privacy Shield

The U.S. Department of Commerce, together with the European Commission and the Swiss Administration, implemented the Privacy Shield Framework to provide an adequate mechanism to enable the transfer of personal data from the European Economic Area, the United Kingdom, and Switzerland to the United States. Splunk is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

July 16, 2020: Splunk is examining the decision of the European Court of Justice rendered on July 16, 2020, invalidating the EU-U.S. Privacy Shield Framework, and determining appropriate next steps.

  • Splunk’s Privacy Shield certification covers the transfer of both HR and Customer data to the United States.

Dedicated Data Protection Officer

Splunk employs a full-time DPO who is responsible for overseeing the collection and use of data at Splunk.

Security Certifications and Attestations (SOC2 Type II and ISO 27001)

Splunk Cloud maintains a comprehensive security program designed to protect your data’s confidentiality, integrity, and availability in accordance with the highest industry standards. Splunk Cloud has been certified by independent third-party auditors to meet SOC2 Type II and ISO 27001 security standards.

SOC 2 Type II Report

Splunk Cloud undergoes annual Service Organization Controls 2 (SOC 2) Type II audits to evaluate its information security system controls as they relate to the Security, Availability, and Confidentiality of the Trust Services Principles.

ISO 27001 Certification

Splunk Cloud achieved the International Organization for Standardization’s information security standard 27001 (ISO 27001) certification in December 2015. ISO 27001 is a specification that outlines security requirements for an information security management system (ISMS). Splunk’s auditors ISO certification can be found here.

FIPS 140-2 Certification

The Splunk Enterprise cryptographic module achieved Federal Information Processing Standard 140-2 validation (FIPS 140-2: crypto modules, level 1 certificate #3126). Splunk Enterprise and Splunk Cloud leverage the FIPS 140-2 validated Splunk Cryptographic Module for the protection of sensitive information when deployed on any compliant operating system.

FedRAMP Authorized

Splunk Cloud is FedRAMP Authorized by the General Services Administration FedRAMP PMO at a moderate impact level. This authorization facilitates the use of Splunk Cloud by U.S. Federal Government agencies requiring cloud-based services up to the moderate security impact level. Additional details are available on the FedRAMP marketplace.

Common Criteria

Splunk Enterprise meets the National Information Assurance Partnership (NIAP) requirements for Common Criteria, found here.
