Converging Data

Splunk Cloud for Enterprise Logging, Analytics & Cyber Security

Splunk is the easy, fast and secure way to search, analyze and visualize the machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud.

Use Splunk Cloud and Enterprise in any combination and always have a unified view, and the same set of features.

Features

  • Cloud, hybrid or enterprise Deployment
  • Delivers Real-Time analytics - Dashboards, Reports & Alerts
  • Collect and Index machine data from any location
  • Over 1000 custom apps from the Splunk Partner community
  • Specialist applications for Digital Health
  • Provides conformance, compliance and control over your data
  • Enterprise scalability, flexibility and performance
  • Splunk Enterprise Security SIEM Platform
  • Security Information and Event Management - SIEM Platform
  • Granular Access and Audit Controls

Benefits

  • Delivers real-time visibility of the service user experience
  • Troubleshoot performance or security incidents in minutes, not hours.
  • Collect and index any machine data from virtually any source.
  • Delivers the scalability, reliability and functionality you need
  • Find the relationships within your data.
  • Effective management of Cyber Security Incidents.
  • Deliver IOT solutions to manage processes and track equipment
  • Use visualisations of real-time data to empower decision makers
  • Use the dashboards to continually monitor events, conditions or KPIs.
  • Provides secure data handling, access controls, auditability and assurance.

Pricing

£700 a gigabyte a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neil.murphy@convergingdata.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

921953146251347

Contact

Converging Data Neil Murphy
Telephone: +44 113 4510 100
Email: neil.murphy@convergingdata.com

Service scope

Service constraints
Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in the current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer-by-customer basis.
System requirements
  • Client access to Splunk Cloud services is via the browser.
  • Data gathering requires peer to peer access from source services

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 = Splunk Cloud Service is completely inaccessible.
P2 = One or more key features of Splunk Cloud Service unusable.
P3 = Any other case where a Splunk Cloud Service is not operating as documented or when a Splunk Cloud Service is being used within the purchased aggregate volumes and storage periods.
P4 = All enhancement requests.

Response Times
Initial Response & Acknowledgment, by case priority
P1: 2 hours
P2: Next business day
P3: Two business days (*Splunk Light)
P4: Two business days
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Splunk offers different response times and case handling based on case priority levels. These support levels are included within the Splunk license cost.

P1 = A Production Splunk installation is completely inaccessible or the majority of its functionality is unusable.
P2 = One or more important features of a Production Splunk installation has become unusable.
P3 = Any other case.
P4 = All enhancement requests.

Enterprise and Global Service Agreements
Response Time / Status Update / Fix or Workaround
P1: 4 Hours / Daily / 1 Business Day
P2: Next Business Day / Weekly / 1 Week
P3: 2 Business Days / Next Release
P4: 2 Business Days / At Splunk's discretion

Support Hours
Support is provided via telephone, email and web portal. Support will be delivered by a member of Splunk's technical support team during the regional hours of operation listed below.

P1: 24 x 7
P2: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
P3: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays (*Splunk Light)
P4: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Splunk Instructor-led classes are available virtually or at your site. We schedule virtual classes of the complete Splunk curriculum at least once a month. The classes are delivered live via web broadcast and have hands-on exercises through remote servers. Virtual classes are taught in four to five-hour segments, so you can keep up with your day job, or spend time on extra lab work. Dedicated virtual classes are also available.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.
End-of-contract process
The price of the contract includes access to the Splunk Cloud service for an unlimited number of people.
The price of the contract defines the amount of data per day which can be added into the service.
Splunk platform support is included in the price of the service.
Additional professional services to develop new reports and dashboards or to provide data consulting, and analytics services are not included in the cost.

Using the service

Web browser interface
Yes
Using the web interface
All Splunk services are accessed via the web browser.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Standard web browsers such as Chrome, Internet Explorer and Firefox are supported. Navigation around the Splunk interface is simple and intuitive.

User dashboards and applications can be fully customised to meet accessibility requirements.
Web interface accessibility testing
To date, we have done no testing with assistive technology users.
API
Yes
What users can and can't do using the API
The Splunk REST API gives you access to the same information and functionality available to core system software and Splunk Web, which also use the API.

API functions fall into one of the following categories, which have different interface behavior:

  • Run searches.
  • Manage objects and configurations.

The REST API is organized around object and configuration resources. A resource is a single, named, object stored by splunkd, such as a job, a TCP raw input, or a saved search. Resources are grouped into collections. Each collection has some combination of resources and other collections.

The API conforms to the Representational State Transfer (REST) architectural style. A REST(ful) architecture has the following properties.

  • Separation of concerns, such as data storage and access mechanisms, between a client and server.
  • A stateless client-server interaction, where there is no concept of a session. Clients supply all information in server requests without relying on stored state on the server.
  • Optional data caching to improve request-response performance.
  • A generalized, uniform interface for simplicity.
  • A layered arrangement of architectural components. REST architecture components are arranged hierarchically, where child nodes are discoverable by parent nodes and contain their scope of information without reference to other nodes.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Services are deployed on fully independent AWS VPC containers; there is no resource contention.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Number of active instances
  • Other
Other metrics
  • Data Ingested
  • Splunk Infrastructure deployed
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Splunk

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Splunk has attained compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide.

SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes providing assurance about the systems that a company uses to protect customers' data.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
Mission-critical performance, scale and reliability - 100% uptime SLA
Backup controls
Service backups are not scheduled. The cloud service is delivered in a fully resilient configuration.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL. To encrypt data at rest, you can purchase AES 256-bit encryption for an additional charge. Keys are rotated regularly and monitored continuously.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Instance Security: Every Splunk Cloud deployment runs in a secured environment on a stable operating system and in a network that is hardened to industry standards using a default-deny firewall policy, which permits access only to specific IP addresses and services. Your deployment is regularly scanned for host- and application-level threats.

Isolation of Data and Service: In the cloud, data is logically isolated from other customers’ data; your performance and data integrity cannot be affected by other customers who are using the Splunk Cloud service.

Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL.

Availability and resilience

Guaranteed availability
Mission-critical performance, scale and reliability - 100% uptime SLA

Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis.
Approach to resilience
Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.
Outage reporting
Email alerts are provided in the event of an outage.

Identity and authentication

User authentication
  • Username or password
  • Other
Other user authentication
Additional layers of security, and access via dedicated networks can be configured upon request.
Access restrictions in management interfaces and support channels
No access to OS level is provided for the Splunk Cloud service. Any OS level access requires interaction with the platform support team.

Full RBAC controls are supported in the Splunk application allowing granular access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman & Company
ISO/IEC 27001 accreditation date
21/12/2016
What the ISO/IEC 27001 doesn’t cover
The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the Splunk Cloud systems that govern all client data under the control or ownership of Splunk Cloud and that resides in its in-scope site, and in accordance with the statement of applicability Version 2.0, November 8, 2016.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Information security policies and processes
Splunk has attained a number of compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. The following attestations and certifications apply to Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day.

SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers' data.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
GENERAL
In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.

ROUTINE MAINTENANCE - is performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.

EMERGENCY MAINTENANCE - service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to Splunk through the Support portal, allocating the appropriate severity level.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£700 a gigabyte a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Your free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days.
If you like what you see, it’s simple to transition your trial instance to a production account.
Link to free trial
https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial
