Splunk MINT: Security & Privacy

Last year, Splunk introduced Splunk MINT, which provides real-time operational intelligence for your mobile apps. In March, we announced a major update, where Splunk MINT delivers operational intelligence directly to your instance of Splunk Enterprise. From time to time, we get asked about the security implications of delivering operational intelligence from mobile apps to your enterprise, and we wanted to answer some of your most frequently asked questions.

How do mobile apps get uniquely identified?

Customers need to sign up at Splunk MINT Management Console at https://mint.splunk.com.   The customers get SDKs and API keys. The organization’s mobile developers will need to incorporate the SDKs into their mobile apps and initialize them with the API keys.  The APIs key uniquely identify applications belonging to the organization. The Splunk MINT SDKs collect data and send to the Splunk MINT Data Collector, a cloud service operated by Splunk.

How does my mobile data get to my instance of Splunk Enterprise?

Splunk® Enterprise owners can install the Splunk MINT app, which pulls raw data into a Splunk Enterprise installation. The app provides plenty of cool dashboards, and a data model. You can build your own searches and alerts. You can also correlate Splunk MINT data with non-mobile data source to gain end-to-end insight on transactions, or add business context to your mobile data.

What happens to the data collected by the Splunk MINT Data Collector?

Once the data is fetched, the cloud service deletes the raw data. Splunk MINT continues to store aggregated summaries about the performance of the customers’ mobile apps at the Splunk MINT Management Console. You can log into the Splunk MINT Management Console at https://mint.splunk.com.

This document details the security technologies and procedures in place to ensure customer data is always secure and protected in Splunk MINT.

Where does the Splunk MINT Data Collector reside, and how does it work?

The Splunk MINT Data Collector relies on a single-tenant service hosted in AWS. Every customer has a dedicated environment provisioned in order to meet the strictest enterprise security requirements. Dedicated environments ensure that your data is never co-mingled with data from another customer and assure that access to your data is strictly limited to provisioned users. The Splunk MINT data collector is created using highly secure, state of the art technologies used by many telecommunication and MNO providers. The lack of traditional web technology makes the Splunk MINT data collector less prune to common security attacks such as SQL injections.

Splunk MINT is designed to scale such that one customer’s behavior has no impact on other customers. This is essential to enterprises using MINT as a mission-critical service.

Is data transmission secure?

Splunk MINT SDKs and service implementations use strong TLS configurations to protect data in transit. 2048 bit SSL connectsions are used between mobile apps and the Splunk MINT Data Collector.

What about physical security?

All hosting providers used to support Splunk MINT are regularly certified by auditors for facility security.

What are the data Splunk MINT collects?

The Splunk MINT SDK do not collect any Personally Identifiable Information from the end users’ device & app. The basic data fields collected by the Splunk MINT SDKs are:

  • SDK Version
  • OS platform
  • OS Version
  • Device locale
  • A unique user identifier that is created by the Splunk MINT SDKs and cannot be linked to any unique user attributes such as MAC address, device id, AMEI, IMEI or other
  • Carrier
  • The IP of the cell tower or wifi access point
  • Type of connection (WIFI, UMTA, GPRS, etc)
  • Connection state (Connected, connecting etc)
  • App name
  • App Version Code
  • App Version Name
  • Screen Orientation
  • Timestamp
  • Type of metric eg. session start, crash, network call, event, transaction.

On top of these basic information the SDKs will augment the dataset with relevant information about different app performance metrics (machine data) such as called URLs, server response status, connection latency, size of request, size of response, stack trace, memory metrics etc.



How can I get started with Splunk MINT?

If you’re a mobile developer, your first step is to go to http://mint.splunk.com to get an account and download the Splunk MINT SDKs. Once you’ve downloaded the SDKs, it takes as little as one line of code to Splunk MINT enable your apps, and you can see results in the Splunk MINT Management Console.

Splunk Administrators should talk to a Splunk expert, and download the app. As part of a trial, we’ll provide you a Data Collector token that will connect your instance of Splunk Enterprise with your mobile data, and you’re off and running.

For more information, check out http://www.splunk.com/mint