Best Practices for Service Providers: 2nd in a series of 3 Cloud Security Blogs

Welcome back to our cloud security week! Today our cloud security series has a focus on how CenturyLink Cloud manages its cloud environment, per the shared responsibility model described in this week’s earlier post and our recently released Cloud Security Overview.

With security as the top IT concern for many years, it’s no surprise the industry worked hard to alleviate enterprise customer security concerns. Today many organizations actually feel more comfortable with security in the cloud than they do with that of their on-premises data center. One customer noted, “when we were running our own datacenters, it was a full time job just to evaluate and install all the required security patches. We just didn’t have the ability to get to them all. That was creating risk.”

Let’s look at some best practices in critical areas under the cloud security domain, including APIs, user management, logging, and identity and access management.

Securing API Calls

Application Programming Interfaces (APIs) allow you to integrate your cloud-based application with myriad other systems regardless of their locations or platforms. They’re great for business agility, but they introduce an additional...

Read on...

Security is paramount at every layer of the infrastructure stack, from the underlying hardware to the application itself. The advent of cloud and hybrid IT models has extended this conversation off-premise when creating cloud-enabled applications.

This is the first post in a cloud security series on topics ranging from the shared responsibility model to the intricacies associated with identity and access management, just to name a few. These posts build on cloud security best practices covered in our recently released ebook, 5 Best Practices for Cloud Security, and our detailed look at security in the CenturyLink Cloud Security Overview.

Today’s blog discusses the shared responsibility model and the least privilege principle. These two lay the foundation for most security decisions when adopting and leveraging cloud-based infrastructure resources. Without them, businesses using cloud may not know when or how to secure their environments or what actions authenticated users can take.

Shared Responsibility Model

The shared responsibility model describes an understanding between the cloud provider and its users, where the provider manages security of the cloud and users managesecurity in the cloud. Security of the cloud normally constitutes physical assets, underlying network and IT infrastructures, and foundational...

Read on...

Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Margaret Walker from Cohesive Networks, a software-defined networking company.

Cloud computing effectively outsources a lot of the traditional data center operations and management roles and responsibilities. Cloud providers build data centers that are faster and cheaper than most enterprises. That's great but what does that mean for the way you, the cloud users, secure your cloud resources?

Public cloud is arguably just as secure as an on-premise data center, but getting data to the cloud uses the public internet. The public internet is just that - public. Your data in motion moves from your device, over the public internet, then into a secure cloud environment.

Shared Attention: Overlapping Security Controls Are Powerful

CenturyLink is excellent at building secure data centers, screening and vetting their staff, and automating security controls that support their compliance policies. With a solid cloud platform, you no longer have to worry about hardware and virtual security in Layer 0 – 3.

So the underlying cloud is secure, which means you have...

Read on...

It’s no secret that enterprise applications are increasingly being operated in ‘cloudy’ environments. When systems are moved to the cloud, they often are moved partially or relocated in stages that are instep with the evolution of other IT systems. Even when traditional back-end enterprise systems such as ERP, data warehouse and similar systems remain entirely in-place, they’re increasingly being augmented or extended with vendor software and services that reside in the cloud. For example, many organizations have already integrated Salesforce.com into their back-end enterprise systems, and these back-end systems often reside on premise or in a colocation environment. Thus, Hybrid IT is already the current reality for many IT organizations and is on the road to becoming ubiquitous. Optimizing Hybrid IT architectures, from an availability perspective, is the central question considered here. If Hybrid IT is the new normal, then what are the implications for how we design and manage systems that run across multiple data centers in different locations? In a new whitepaper titled the ‘Seven Secrets to High Availability in the Cloud’, lessons are borrowed from distributed computing and applied to Hybrid IT scenarios which reveal opportunities for improving availability, despite growing complexity.

The ‘Seven Secrets to High Availability...

Read on...

In its recent report, Tech Go-to-Market: How to Win With DevOps Buyers, Gartner Research looks at the buying process of DevOps-centered organizations. And Gartner makes an important point. For technology providers to sell to organizations with a DevOps culture, traditional sales approaches don’t fly. In fact, developers and operations teams—whose synergy we collectively call DevOps—eschew traditional marketing and sales pitches. They are so technically discerning that they sniff out marketing lingo from a real product offering. The real danger is they can shun a product forever when it comes from marketing or sales channels. So what’s the best way to win over DevOps teams?

Technology providers familiar with selling to traditional I&O (infrastructure and operations) teams find themselves on unfamiliar ground in a DevOps driven culture. A big change Gartner notes is that workloads increasingly migrate from the traditional datacenter to public or multi-cloud infrastructure like AWS, Azure, Google Cloud, vSphere.

Gartner found that migrating workloads to the public cloud shifts decision-making power away from the traditional IT buyers to DevOps and agile practitioners. These personas include developers, DevOps managers, release managers, build/automation managers, and architects who influence buying decisions bottom-up. Moreover, DevOps philosophies and practices vary so much from one organization...

Read on...

The annual publication of the Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide1 is a report card of sorts for each vendor, handed out based on the reams of data Gartner collects from countless interviews and quantitative analysis.

As we look in the rear-view mirror and evaluate our own performance over the last 12 months, two major themes stand out:

Successful ‘table stakes’ execution

To gain a significant chunk of the cloud market in the years to come, a provider must consistently:

• Deliver operational excellence – meet and exceed SLAs for customers, including some of the world’s largest brands.
• Rapidly develop new capabilities – we launched new services and features month after month. Further, the DevOps mindset is woven into our organizational philosophy and structure, so CenturyLink can continue to release early and often.

Compete on price, specifically hourly compute – there’s far more to cloud costs than just the sticker price shown on websites. But the top vendors have demonstrated scale and efficiency with regular price drops. CenturyLink Cloud’s sticker prices – and bundled add-ons – make for a compelling and differentiated value prop.

We believe CenturyLink passed these 3 tests, as did the others who faired well in the 2015 edition of the...

Read on...

Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Lia Gurin from Centerity, IT infrastructure monitoring and software management.

For many IT departments, system monitoring is a painful problem. Many times a specialized team is put in charge of monitoring consoles which display threshold alerts and exceptions against various thresholds. This stream of notification traffic provides IT teams with tons of data that immediately turns into a classification and organization problem. Actionable information that adds value to situational awareness is still hard to come by. The fact remains that many IT monitoring consoles, provide myriad alerts about IT components (e.g., physical, passive, virtual, cloud, application, end-user experience) yet offer no systemic clarity or relevance for 99% of monitoring use cases.

As a direct result, most IT teams look at the monitoring console as an exercise in figuring out what they should ignore.

The only practical solution for this unproductive situation is to use Business Service Management (“BSM”) views of key business processes. Only by mapping an enterprise’s important business services into process views...

Read on...

We are squarely in what I like to call the “2nd inning” of cloud. In my discussions with prospects and customers, the conversations have taken on a distinctly “enterprise” feel to them, reminding me of previous technology waves and disruptions, like client-server, and virtualization before. A new report from Frost and Sullivan outlines this shift, as the so called “new IT” tries to better align with the needs of the business and business outcomes.

This starts with the business drivers themselves – while Cloud may have started as a great tool, providing on-demand access to scalable infrastructure resources to support dev/test and web app build outs, it has clearly progressed into something much more strategic.

Frost and Sullivan demonstrate this very clearly with their survey of US-based IT decision-makers and the shift in attitudes in just 3 short years:

Top Reasons Enterprises Choose Cloud, 2011 versus 2014

Source: Frost & White, SPIE 14-26, Cloud Adoption Reaches a Long-Awaited Tipping Point 2014 Cloud User Survey (July 2014).

The winds have acutely changed from tactical (defer server purchases) to...

Read on...

Regular readers of our release notes know we now detail enhancements across a broad range of services, beyond what’s included in our flagship public cloud services.

This shift has a practical benefit to customers, since the vast majority of what we build is available via self-service and on-demand. Online documentation is crucial to enabling our customers with these new capabilities.

Here are a few highlights of our May release, grouped by product “theme” for context.

New Services for Developers

Most businesses that have thrived the past decade have one thing in common – great software. (Cue the "software is eating the world" narrative.)

If you’re operating in the retail, consumer goods, or transportation sector, how do you consistently build and deliver great software to users? You use the cloud, and you use new, innovative services that make life easier for developers. Two such examples are front-and-center in the May release:

• Orchestrate.io – API-driven database-as-a-service, recently acquired by CenturyLink. The service is now accessible in four CenturyLink Cloud nodes, and can be integrated in with other cloud deployments.

Open Source

The embrace of open-source within the enterprise is a popular topic here, and was discussed by our own Jared Wray recently:

And Jared is not alone in his enthusiasm. The...

Read on...

As a developer, you value the principles of SOA. You aspire to build applications as a set of consumable services via endpoints. Remember how Amazon used SOA to build the AWS platform and how Google is emulating AWS? However, not all is hunky-dory in the SOA world.

Developing is one thing but running, managing, and maintaining services is a whole other beast. When it comes to the latter, many enterprises still act monolithic. They run and manage applications services as a unit on one or many servers. This approach fails to scale when the services themselves scale or when you need to update and maintain them regularly. So do you lament over the spiking costs and time spent on these efforts or fix the problem?

Recent trends point to microservices as the answer. By definition, microservices are much smaller than services. In fact, Wikipedia says a microservice performs a small task often just one. There are many articles that go in deep about microservice architecture, but we cover an important part here, which is deployment automation. In other words, our daily job.

The self-contained, independent, and reusable principles of microservice architecture help solve the problem of scaling and maintaining application services.

• Self-contained. microservices are

Read on...

While getting ready for Cloud Foundry Summit, I sat down with Chris Sterling, and CenturyLink Cloud ecosystem head, David Shacochis, to discuss their respective efforts within the Cloud Foundry landscape and what they’re looking forward to at the upcoming event.

Q: With Cloud Foundry Summit right around the corner, what momentum do you see for the broader Cloud Foundry ecosystem?

Shacochis: Chris sent around this link the other day of Sam Ramji’s interview with Alex Williams on the Cloud Foundry ecosystem – it’s very consistent with the momentum we’re seeing around Cloud Foundry here at CenturyLink.

Sterling: Absolutely, and for anyone who hasn’t heard that podcast, it’s almost required listening if you want to better appreciate the past and future of Cloud Foundry.

Q: What stood out to you in that interview?

Shacochis: The important piece to me is the power an open-source ecosystem holds when it’s well-managed and incorporates diverse perspectives toward a shared goal. Ramji covers how many large organizations are part of the Cloud Foundry Foundation and driving innovations from their particular part of the industry into the code base. It made me think of all the work CenturyLink has been doing with the Foundation to fine-tune some of our past contributions.

Q:...

Read on...

Nearly every business today relies on faster, innovative technology to succeed in the marketplace. How about the coffee you drink, or the movie you’re watching, or the phone on which you’re watching it? Name every business or walk of life. You can argue that technology serves to make it better. If DevOps helps deliver the best services and experiences to you, then should companies making the coffee, movies, and phones also make their own DevOps solutions?

I completely empathize with the challenges the developers and DevOps teams face in transforming a team or company from traditional development and delivery to an agile lifecycle. I experienced this firsthand at Trend. I led a business unit that acquired a SaaS company for online backup and storage; this young company updated and deployed code several times a day. It was painful to integrate their processes into ours. I wish Cloud Application Manager had been an option then. I cringe when I consider the time and costs of lost productivity, wasted development time, and delays in getting to market.

Faster Deployment Nirvana

Every day, I speak to several technology companies. Speed is at the top of their mind. They all experience the pain of not deploying and...

Read on...