Posts Tagged: Security

Transform Your Security Policy for the IoT

August 17, 2017
By Jessica Weber

big data lock

In a previous blog we mentioned the Internet of Things (IoT) and how it is changing the approach towards cybersecurity. Predictive analytics is increasingly becoming an integral part of the security game, as companies invested in IoT use analytics to identify attacks before they happen, an important step in the evolution of security. As IoT continues to increase its share of the IT market and also changes the way we use technology in everyday life, we must adjust our cybersecurity policies to take into account this fundamental shift in security needs.

IoT is also a big driver in the digital transformation of company infrastructure, as organizations respond to the changing needs and demands of their customers for more technology integration. In fact, research findings published by Inmarsat say that IoT has become the leading reason for digital transformation and is the number one priority for 92% of organizations.

As companies go through digital transformation and incorporate IoT, they need to keep security top-of-mind. Gartner states that "by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk". Organizations cannot afford to have long periods of downtime due to cyberattacks...

Read on...

ThreatConnect Partners with CenturyLink

August 15, 2017
By Jonathan Townsend

cybersecurity

CenturyLink's end-to-end security managed services are built to detect, protect, and respond to security threats and malicious activity anywhere customers do business. Bolstering these features, CenturyLink’s Managed Security Services will now leverage ThreatConnect, a threat intelligence-based security platform that taps into SAP HANA. The partnership allows CenturyLink to utilize its Managed Services offering, composed of a data-driven set of tools to improve detection, protection, and remediation services for customers.

CenturyLink’s security service is built to help Security Operations Center (SOC) specialists and customers identify, block, and mitigate security threats through Security Log Monitoring(SLM), incident management, and response support services. ThreatConnect will integrate with the CenturyLink platform to provide an offering and solution that fits with its customers’ new or existing threat management and security operations functions.

Regarding ThreatConnect’s impact working with organizations, CEO Adam Vincent said, "the MSSP program is a force multiplier that organizations like CenturyLink can leverage to offer threat detection and response, customized processes or any of a number of premium services to clients."

Adam Vincent’s vision is centered on automating as much of a SOC as possible and while continuing to build a community around threat intelligence. In years past, the barriers were technology-based as the resources and process...

Read on...

Predictive Analytics and Virus Research Have More in Common Than We Think

July 20, 2017
By Jessica Weber

analytics graphic lightbulb

The Internet of Things (IoT) encompasses many avenues and aspects of modern technology and life. Our devices have enabled us to become a more connected society because they have been designed specifically to connect to one another. But with this connection comes many challenges. As data is shared between the ever-expanding network of "smart" devices, we have to look at how we can protect that data in ways we haven't previously had to.

What is IoT?

The Internet of Things is basically a network of connected devices. Or as one Forbes writer excellently described it: "...the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig.". When we talk about IoT, we're talking about the revolution of technology-driven smart devices that have changed the way we live, work, and play. As more and more devices are developed and connected, there are just as many questions and issues that come into...

Read on...

Alert Logic: A Better Approach to Security

July 6, 2017
By Alert Logic Evangelism Team

alert logic logo

Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This edition's guest provider from the Marketplace Provider Program is Alert Logic.

Businesses' top priorities are to provide a service that meets the needs of its customer base, grow in their respective markets, generate revenue, and protect their investments. Ensuring that your company has an adaptive and comprehensive security model is one of the best ways to protect the company’s investments, data, customers, and reputation.

Security threats are nothing new and only continue to evolve, getting harder to detect and eliminate. To ensure that a business is continuously secure takes time, effort, resources, and expertise. This can be a challenge for companies who are trying to manage their security posture while still supporting the day-to-day business operations. IT infrastructure is more dynamic than ever, with on-premises data centers, cloud and hybrid environments, and an ever-changing threat landscape. Without a clear line of sight into your entire infrastructure environment, how can you protect your data and applications from compromise?

A Better Approach to Security

Alert Logic's Security-as-a-Service offering...

Read on...

Security Made Easy with FlexSecure

June 8, 2017
By Sid Prasanna

flexsecurelogo

Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This edition's guest author from the Cloud Marketplace Provider Program is Sid Prasanna, CEO, at FlexSecure.

Passwordless Authentication Made Easy

FlexSecure solves a unifying problem -- the need to dynamically secure access to resources and data, based on the user and their level of authorized access. Many solutions exist for granting access in a static way, but no easy-to-use solution exists that can adjust the security authentication requirements in real-time, based on dynamic factors in the security equation.

By adding FlexSecure to their existing authentication or access control systems, organizations can adopt multi-layered authentication options. Multi-layered authentication enable organizations to add significant levels of security to protect their data from hackers and prevent unauthorized access.

FlexSecure is a flexible user authentication platform, providing Passwordless and Pin-based authentication, without the need to install an application. This platform enables organizations of all sizes to mix and match appropriate user authentication methods to protect applications on their Cloud, Mobile, and IT infrastructure. The FlexSecure platform is easy and secure and offers...

Read on...

WannaCrypt Ransomware Malware Announcement from CenturyLink Cloud

May 25, 2017
By Christine Sala

On May 12, 2017, Microsoft issued a statement confirming a number of their customers had been affected by the malicious WannaCrypt ransomware malware. CenturyLink has taken steps to ensure our Cloud environment has the latest patches and is monitoring for any additional related vulnerabilities.

If you believe your organization is impacted we recommend all CenturyLink Cloud customers take the below steps to further secure your environment:

  • Install Microsoft Security Update MS17-010 to address the vulnerabilities by correcting how SMBv1 handles specially crafted requests. Details here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Confirm that anti-malware is deployed and updated and work with your provider to confirm you are protected.
  • Ensure the following IP ports (TCP 139, TCP 445, UDP 137 and UDP 138) are blocked at the firewall unless essential to your operations.
  • If you have any questions or concerns, please contact cloudhelp@ctl.io

    ...

    Read on...

    Vormetric Live Data Transformation – Boldly Going Where No Encryption Has Gone Before

    May 11, 2017
    By Eric Wolff

    Thales-logo

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This editions guest author from the Cloud Marketplace Provider Program is Eric Wolff, Senior Product Marketing Manager, at Thales e-Security. Thales e-Security acquired our long-term partner Vormetric earlier this year.

    Downtime – nobody likes it. Unplanned downtime is almost always expensive. A 2015 report from IDC even revealed that for the Fortune 1000, the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year.

    Planned downtime is also a pain. Before I was in the security business, I marketed network solutions that were “bumps on the wire” which required planned downtime for deployment. There were ways to minimize or even reduce the downtime, but they were complicated.

    These same downtime obstacles present themselves with encryption. There's a great return on investment (ROI) – you can sleep better knowing that data thieves get nothing they can use (and how happy you’re making the compliance team). But, for enterprise-class encryption, there’s almost always a planned downtime period while tens of thousands of files or...

    Read on...

    Using Cloud Storage in Your Data Protection Strategy

    January 3, 2017
    By Jessica Weber

    Data Protection Puzzle

    Reading Time: about 7 minutes

    Many businesses opt to use Infrastructure-as-a-Service (IaaS), particularly for cloud storage, backup, and disaster recovery, to improve upon their existing storage options while controlling costs. The scalability and flexibility of the cloud has a lot to do with these cost-saving measures; many companies pay very little upfront to access a wide variety of storage options, and scale those options up or down as their demand shifts.

    In fact, there are many reasons that IaaS offerings have broad appeal – businesses see the value in low capital investments, paying as they go, anywhere access, and tight security. Unlike many in-house options, using cloud services means that the burden of IT development and upkeep is on the cloud provider, not the primary business. The IT staff at the cloud company take care of the routine and maintenance tasks associated with storage and backup. This allows organizations to focus on other areas within their business services, while still having a reliable way to safeguard their information.

    Data Protection Defined

    Developing a data protection strategy for your organization primarily means thinking about how your critical data would survive a complete failure of some kind. One of the most important decisions your business can...

    Read on...

    Simplifying Health Information Management in the Cloud

    November 21, 2016
    By Chad Zerangue

    simplicity doc.png

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Chad Zerangue, CEO, at Simplicity Health Systems.

    Health information is becoming increasingly difficult to manage as clinical and financial requirements and regulations become more stringent and partnering relationships become increasingly complex. This is especially the case when it comes to sharing information with ancillary services like pharmacies, radiology departments, medical laboratories, third-party providers, and specialist providers. The U.S. Department of Health and Human Services Office of Civil Rights (OCR) has a growing HIPAA Audit Program. HIPAA-covered entities will be required to make sure their systems are compliant with the HIPAA Privacy Act or face heavy fines, jail time, or both. Many small and medium sized healthcare businesses can’t afford multi-million dollar health information systems that larger hospitals and other large health entities can. In turn, they resort to non-compliant tools such as email, fax machines, eFax, RingCentral, Box, and DropBox. Simplicity Health Systems is disrupting that paradigm with a system that allows healthcare businesses to easily share information with their partners,...

    Read on...

    Tips for a Successful Security Strategy

    October 19, 2016
    By Brandy Smith

    secure cloud

    October is National Cyber Security Awareness Month (NCSAM), an annual campaign sponsored by the National Cyber Security Alliance (NCSA). The overall goal, according to the Department of Homeland Security, which participates in NCSAM, is to “increase the resiliency of the Nation in the event of a cyber incident.”

    Security threats are vast and constantly evolving, as should your businesses security strategy.

    Today, security isn’t just about basic protection. Companies have far more to consider than they once did. Now, a security strategy is a holistic approach to protection, prevention, detection and response—and it needs to encompass all aspects of an adaptive security architecture.

    Top Business Security Threats

    Here’s an overview of what you need to consider when implementing, updating, and enforcing your security strategy.

    External Threats

    According to Cisco's Annual Security report, 100% of multinational companies show evidence that suspicious traffic was emanating from their networks and attempting to connect to questionable sites.

    The speed at which external threats are increasing is exponential. There are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware to keep up. There are more distributed denial-of-services (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long...

    Read on...

    Increase Security Not Complexity

    October 5, 2016
    By Matt Pley

    fortinet-logo

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Matt Pley, VP Carrier & Service Provider Group, at Fortinet.

    Cloud computing is becoming increasingly popular among enterprises looking to take advantage of quick deployment, unprecedented scalability, and cost savings. Both public cloud adoption and private cloud infrastructure, including virtualization and software-defined networking (SDN), are rapidly transforming data centers worldwide. Evolving your infrastructure means your security must evolve as well. If your security can’t keep up with the agile public, private, and hybrid cloud environments of today, gaps in protection will occur. The Fortinet Security Fabric has integrated next-generation firewall (NGFW) technology with the CenturyLink Platform to help businesses achieve end-to-end security without the complexity.

    End-to-end Next Adaptive Security Protection

    The award winning Fortinet Security Fabric network security solutions provide end-to-end security across the entire network. FortiGate enterprise firewalls are optimized for internal segmentation, perimeter, cloud, data center, distributed, and small business deployments. Organizations can simplify their security posture with one security solution across your physical, virtual, and cloud deployments.

    Organizations can choose individual services,...

    Read on...

    FlexSecure: Strong Authentication Made Easy

    March 16, 2016
    By Sid Prasanna

    FlexSecure LogoPeriodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Sid Prasanna, CEO of FlexSecure Inc.(www.flexsecure.co).

    As cyber attacks and data breaches continue to make headlines, Security-as-a-Service offerings are becoming more valuable by the day. In the IT world, there is now a fundamental understanding that any business with an on-line presence needs to think about data security for both their business and their customers. FlexSecure has joined with the CenturyLink Cloud Marketplace to make the process of providing robust, solid, and capable authentication easy and painless for any customer, regardless of their technical abilities.

    Solution Overview

    The FlexSecure platform enables organizations of all sizes to choose and combine user authentication solutions based on the individual needs of their company. Companies and developers can add pin and passwordless security to their existing authentication mechanisms. Users can also change authentication methods in near real-time through an easy-to-use interface.

    FlexSecure Diagram

    Layered Security

    Some of FlexSecure's primary advantages are:

    Custom user and device authentication: The authentication standards can be "turned up or down" to suit the needs of the users. For...

    Read on...

    CenturyLink Cloud Delivers IPS Anywhere

    February 23, 2016
    By Chris Meyer-Product Analyst, Client Security

    cloud_security

    Recently a major vulnerability in the open source GNU C Library (aka ‘glibc’) was disclosed to the public. We discussed in a post on February 19th, how to tell if you were affected by the glibc vulnerability and how the CenturyLink Platform was largely unaffected by the issue. For many users and providers, however, that was not the case. Despite a patch being issued in parallel with the disclosure, this revelation undoubtedly kicked-off a scramble in IT organizations of all sizes and industries to evaluate the level of exposure this vulnerability presents within their overall environment.

    For most companies the ability to estimate quickly and accurately their level of risk to a vulnerability like glibc just doesn't exist. Even if a company has a robust threat evaluation process, IT personnel usually aren't equipped to answer the real question of whether the cost -- both tangible and intangible -- and risk associated with performing emergency maintenance and patching is a necessary or a worthwhile investment. Sometimes, a patch isn't available at the time of the disclosure and doesn’t have that option. Essentially, IT personnel can know that the company is vulnerable, yet there isn’t anything they can do about it. Either way,...

    Read on...

    How to Tell if You Are Affected by glibc Vulnerability

    February 19, 2016
    By Steve White, Director of Security and Compliance

    security

    Popular media outlets are reporting a new vulnerability that was recently discovered in "glibc" which is a key component in most modern Linux systems. For background, you can read the details of the original discovery and the summary information on the risk rating for this vulnerability.

    The CenturyLink Platform is largely unaffected by this issue. We have patched our DNS servers and the default DNS servers used by customer virtual machines on our platform. Customers running their own DNS servers on Linux-based virtual machines or customers not using the default CenturyLink Cloud DNS servers should apply the released patches to these servers as soon as possible.

    For customers using the CenturyLink Cloud® Intrusion Prevention Service (IPS) your hosts already have detection enabled for any attempts to exploit this vulnerability. This particular signature is set to "detect only" rather than "block" in order to prevent unintended impact to production services. The IPS system will send you an alert using the configured mechanisms if there are any attempts at an exploit. We recommend you update the operating system on your servers according to your standard maintenance cycle. You can learn more by reading our IPS Anywhere post.

    For CenturyLink Cloud® customers using VMs with a...

    Read on...

    Six Data Backup Basics - Not Just for Cloud

    January 7, 2016
    By Mark Lee

    Simple Backup ServiceLet's face it, you never know when the need will arise to restore or recover your data. We’ve all “been there, done that”, or we have it in the back of our mind that we’ll need to do it someday. However, the odds are that the need to restore won’t be triggered because of a disaster or a hack, but more likely because of common reasons such as: system/user error, corrupt data, deleted data, new environments, a legal hold request, or a Governance, Risk Management, or Compliance (GRC) program which requires that the data must be restored as proof that the data is being retained.

    Whatever the case may be, the key to understanding data restoration is knowing that data backups are taking place to begin with; which means planning, implementation, and execution. These tasks can be daunting and riddled with details, which is why they are typically assigned to an operations team (including the planning). However, there are other contributors to backup planning: business owners, product owners, application/database owners, etc., especially when they have a vested interest in restoring or recovering after an issue or event has occurred. Naturally, you want (and need) the correct data restored as soon as...

    Read on...

    Anti-virus is Not Enough!

    December 17, 2015
    By Kevin White

    In today's growing market, we are seeing customers of all sizes migrate to the cloud for a variety of reasons. The cloud is certainly showing its value in the market, from the small developer looking for a free, disposable, or cost efficient server to large corporate customers looking to optimize IT agility and expenses.

    Unfortunately, whether it's cloud or traditional managed services, many clients opt for nothing more than an anti-virus application and perhaps a firewall to cover their information security compliance requirements. However, as attacks grow more sophisticated and Advanced Persistent Threats (APT) grow more prevalent, using nothing but anti-virus and a firewall can leave gaps in your security profile, exposing you and your customers to unnecessary risks.

    To get an idea of the risks you might face, consider this article - MySQL servers hijacked with malware to perform DDoS attacks. In this case, the attacker was able to upload a Trojan Horse application directly into a database, most likely through a SQL injection. An Intrusion Prevention System (IPS), unlike an anti-virus application, would have detected the SQL injection attempt and blocked it at the web interface. However, because the system was inadequately protected, the attacker slipped the Trojan Horse past...

    Read on...

    Data Center: Media Protection

    October 30, 2015
    By Daniel Morton, et. al.

    Data Center Media Protection

    Ensuring the privacy and confidentiality of data and that customer media is protected are strategic priorities at CenturyLink. That filters down into our chain of custody procedures when handling or transferring customer media and in our procedures for the sanitization and disposal of media. Here's a shocking observation from the National Institute of Standards and Technology (NIST) Special Publication 800-88, Rev.1 on a leading source of media vulnerability and what is needed to close the gap.

    An often rich source of illicit information collection is either through dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or through keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information. Media flows in and out of organizational control through recycle bins in paper form, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it.

    Part 3 of the Data Center series highlights the safety measures in place for digital and non-digital media in a CenturyLink data center. We've limited...

    Read on...

    Data Center: Environmental Protections

    October 23, 2015
    By Daniel Morton

    Data Center Environmental Protections

    Cyber attacks on major corporations generate big news headlines, especially when they are successful. Threats to a data center from heat, humidity, water, or smoke aren't as flashy in terms of media coverage. They are, nonetheless just as real and, potentially, just as devastating. That's why you need a full array of environmental protections in and around your data center.

    Any data center provider will affirm that they're required; and that all built-in protections fly under the radar until you really need them. To illustrate the point, on January 9, 2015 several news agencies covered a 3-alarm fire at a data center in Ashburn, Virginia. The massive building was under construction. The conflagration apparently had started on the roof. Fortunately, there were no injuries and firefighters were able to extinguish the blaze after about an hour.

    This is Part 2 in a 3 Part series highlighting different protections inside and around a CenturyLink data center. This time we focus on the environmental safeguards that protect the facility, personnel, the infrastructure, and your data. If you missed Part 1 in the series, Data Center: Physical Security, you can find that topic right here.

    Data Center Locations

    We carefully choose the location of a data center...

    Read on...

    Starting from Scratch with Cybersecurity: Introduction to Security Products Part 1

    October 21, 2015
    By Stephanie Wong, Product Owner.

    Security is newsworthy. Recently, the IRS reported as many as 330,000 taxpayer accounts they believe were accessed by thieves. These security breaches often result in identity theft and the loss of critical corporate data, and can cost your company millions of dollars in unrecoverable expenses.

    As a company, you need to be aware of IT security and your need to be protected, and you might be wondering where to start. This post is the first in a multi-part series about the various types of security products available and what they can do for you. These tools can be used to secure anything -- whether it's a home PC or laptop, an enterprise tech stack or even a hosted hybrid cloud solution. The same principles apply everywhere. Initially, we’ll begin with host-based security products.

    Host-based security products are those that reside on or help to protect one host, server, or virtual machine. These host-based security products can be used at home or at work. The three fundamental types we’ll discuss here are Anti-Virus/Anti-Malware, firewalls and IDS/IDP.

    Anti-Virus or Anti-Malware

    Let’s start with Anti-Virus or Anti-Malware products. These products detect and protect against software viruses on your host. These harmful files get to your host through...

    Read on...

    Data Center: Physical Security

    October 16, 2015
    By Daniel Morton, et. al.

    Data Center Physical Security

    "Data security starts with physical security." Natalie Lehrer underscored that point in her Information Week article called A Guide to Physical Security. She's right. Protection of company personnel, facilities, and data begins with physical security. It's a strategic priority at CenturyLink. The "rubber meets the road" in the management and operation of the facilities. Our data centers earn a M&O Stamp of Approval Certification from the Uptime Institute. Joel Stone is responsible for Global Data Center Operations at CenturyLink. Here's his take on the importance of a data center receiving M&O Certification:

    "Earning the M&O certification demonstrates the effectiveness of a data center’s management and operations, giving customers “peace of mind” by ensuring the facility that houses their critical IT functions has passed a rigorous, third-party audit to conform its practices to the highest of standards."

    This is Part 1 in a three part series covering various aspect of data center security. Part 2 will discuss environmental protections. Part 3 will cover media protections.

    Security Policies

    It starts at the top. Physical security at a data center is governed by CenturyLink Corporate Security. This group oversees the policies, processes, and work rules ensuring that all data centers operate under a consistent set of procedures...

    Read on...

    Security and Audit Compliance is Hard – Automate It with Cavirin and CenturyLink Cloud

    August 25, 2015
    By Tim Thompson

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Tim Thompson of security and compliance provider Cavirin.

    Cavirin ARAPNo business wants to be exposed to risk, fail an audit, or get breached. We can help. With Cavirin’s Automated Risk Analysis Platform (ARAP), now integrated within the CenturyLink Platform, you can elevate your security posture and add an extra layer of transparency and visibility in your cloud ecosystem, without any additional security staff or heavyweight security tools.

    Strengthen your cloud infrastructure without sacrificing security or compliance.

    ARAP can help strengthen your infrastructure by continuously monitoring your CenturyLink Public Cloud environment as well as on-premise environment -- seeking out configuration changes as well as new devices and grading the associated risk based on security and compliance guidelines that you apply. Our platform paints a clear picture of the risk within your dynamic IT ecosystem, so that you stay proactive, well ahead of potential risks to security or gaps in compliance.

    ARAP is agentless and automated, which means cost and time savings for you.

    To us, automation is just...

    Read on...

    How to Securely Hook Up a Cloud Management Platform in Your Private Datacenter

    July 30, 2015
    By

    Platform Security

    Most customers prefer cloud application lifecycle management as a SaaS service. But we’re conscious of companies whose high-security constraints like limited datacenter Internet access or fully controlled periodic backups require an on-premise solution. For those companies and DevOps users, Cloud Application Manager is available as a virtual appliance.

    Today, the Cloud Application Manager virtual appliance is an OVF package for vCenter vSphere and in QCOW2 format for OpenStack. To get access to all the same functionality as the SaaS solution, the only thing you have to do is install the virtual appliance in your virtual platform and plug into your datacenter network. At which point, you experience Cloud Application Manager hosted on your infrastructure where you get the same controls to manage, backup, and restore as you do on other systems in your datacenter.

    At Cloud Application Manager, we care deeply about security and for this reason all the communication for the SaaS and the virtual appliance solutions are encrypted. By default, we ship the virtual appliance with a certificate signed by Cloud Application Manager. But using the appliance setup console, you can set up a certificate signed by a trusted CA or install your self-signed certificate.

    To create and install a self-signed...

    Read on...

    Cloud Security Tools and Services

    June 10, 2015
    By Ben Brauer

    Third in a series of 3 blogs on Cloud Security

    Now that we’ve covered cloud security fundamentals and how CenturyLink secures its cloud, for our final post on security this week, we turn to addressing managed services for cloud-based resources.

    Many cloud users would like to assign the majority of security responsibilities to a third party service provider, particularly if the workloads and applications are not core to their business. Yet maintaining a high level of cloud security is essential to their business. Using a cloud service provider with expertise in cloud security makes sense; the right provider will have a breadth of experience and skilled employees in this specialized field. In-house cloud security expertise is increasingly hard to find, and even harder to keep.

    Security for Managed Server and OS

    CenturyLink Cloud offers managed services for operating systems and applications, such as a Windows Server running IIS, Active Directory, or Redhat Linux machines running Apache Tomcat. These managed services include built-in security features and security options. For example, the Operating Systems come with industry-standard anti-virus protection and regular virus and malware signature updates. It has to be hardened, e.g. by closing off ports, downloading and applying the latest security updates...

    Read on...

    Is CenturyLink Cloud Secure?

    June 9, 2015
    By Ben Brauer

    Best Practices for Service Providers: 2nd in a series of 3 Cloud Security Blogs

    Welcome back to our cloud security week! Today our cloud security series has a focus on how CenturyLink Cloud manages its cloud environment, per the shared responsibility model described in this week’s earlier post and our recently released Cloud Security Overview.

    With security as the top IT concern for many years, it’s no surprise the industry worked hard to alleviate enterprise customer security concerns. Today many organizations actually feel more comfortable with security in the cloud than they do with that of their on-premises data center. One customer noted, “when we were running our own datacenters, it was a full time job just to evaluate and install all the required security patches. We just didn’t have the ability to get to them all. That was creating risk.”

    Let’s look at some best practices in critical areas under the cloud security domain, including APIs, user management, logging, and identity and access management.

    Securing API Calls

    Application Programming Interfaces (APIs) allow you to integrate your cloud-based application with myriad other systems regardless of their locations or platforms. They’re great for business agility, but they introduce an additional...

    Read on...

    Security Matters - 1st in a series of 3 Cloud Security Blogs

    June 8, 2015
    By Ben Brauer

    Security is paramount at every layer of the infrastructure stack, from the underlying hardware to the application itself. The advent of cloud and hybrid IT models has extended this conversation off-premise when creating cloud-enabled applications.

    This is the first post in a cloud security series on topics ranging from the shared responsibility model to the intricacies associated with identity and access management, just to name a few. These posts build on cloud security best practices covered in our recently released ebook, 5 Best Practices for Cloud Security, and our detailed look at security in the CenturyLink Cloud Security Overview.

    Today’s blog discusses the shared responsibility model and the least privilege principle. These two lay the foundation for most security decisions when adopting and leveraging cloud-based infrastructure resources. Without them, businesses using cloud may not know when or how to secure their environments or what actions authenticated users can take.

    Shared Responsibility Model

    The shared responsibility model describes an understanding between the cloud provider and its users, where the provider manages security of the cloud and users managesecurity in the cloud. Security of the cloud normally constitutes physical assets, underlying network and IT infrastructures, and foundational...

    Read on...

    Ecosystem Showcase: Add Layers of Security to your CenturyLink Cloud Networks

    June 5, 2015
    By Margaret Walker, Cohesive Networks

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Margaret Walker from Cohesive Networks, a software-defined networking company.

    Cloud computing effectively outsources a lot of the traditional data center operations and management roles and responsibilities. Cloud providers build data centers that are faster and cheaper than most enterprises. That's great but what does that mean for the way you, the cloud users, secure your cloud resources?

    Public cloud is arguably just as secure as an on-premise data center, but getting data to the cloud uses the public internet. The public internet is just that - public. Your data in motion moves from your device, over the public internet, then into a secure cloud environment.

    Shared Attention: Overlapping Security Controls Are Powerful

    CenturyLink is excellent at building secure data centers, screening and vetting their staff, and automating security controls that support their compliance policies. With a solid cloud platform, you no longer have to worry about hardware and virtual security in Layer 0 – 3.

    So the underlying cloud is secure, which means you have...

    Read on...

    [UPDATED] “Shellshock” Vulnerability & What You Need to Know

    August 25, 2014
    By Jared Ruckle, Senior Product Manager. Find Jared on Twitter

    A new vulnerability was recently identified in the “bash” shell that a default component of most Linux operating systems deployed globally today. This vulnerability – dubbed “Shellshock” - is being compared to what was experienced earlier this year with the Heartbleed bug because of the widespread use of the impacted Linux operating systems.

    Shellshock has been assigned the highest risk rating of “10” according to the Common Vulnerability Scoring System (CVSS). Why? The vulnerability can be exploited across the network, it does not require any authentication to exploit, and exploiting this vulnerability is simple.

    **

    Unmanaged Customers - Patch Your Systems in the CenturyLink Cloud Immediately

    **

    If you have instances running a Linux operating system in CenturyLink Cloud data centers, you are likely affected.  Our unmanaged customers are responsible for day-to-day configuration and deployment of these systems, so it is the customer’s responsibility to remediate any affected systems.

    We recommend you apply the updates for this vulnerability as quickly as possible. This is especially important for those servers running Apache web servers as there are published exploits already circulating for Apache websites.

    **

    Managed Customers – Request Patching via Ticket with Managed Services Help Desk

    **

    Customers running managed environments (including Apache) on CenturyLink Cloud will have their systems...

    Read on...

    Securely Connect to Your AWS Cloud Resources

    July 10, 2014
    By

    When using Cloud Application Manager, you bring your own cloud. To deliver the absolute best experience of deploying applications on any cloud, we are working very closely with all the cloud providers that we support – Google Cloud Platform, Amazon Web Services, Microsoft Azure, OpenStack, CloudStack, and VMware. One of the topics that often comes up is security. Today, we’re adding enhanced security for our AWS support.

    Our friends at Amazon have built comprehensive Identity and Access Management (AWS IAM) features, which enable enterprises to grant and control secure access to specific AWS resources. For instance, with AWS IAM, cloud administrators can set up password policies for the user groups, delegate user and application rights with roles instead of sharing credentials and even enable multi-factor authentication for more privileged users. AWS IAM helps cloud administrators to narrow down the user rights and grant the least needed privileges for the users and applications.

    At Cloud Application Manager we are putting a lot of emphasis on security and hence we are proud to take advantage of the AWS IAM features. It is essential for us that we always comply with the industry standards and best practices of security and risk management. Starting July 11th,...

    Read on...

    Heartbleed Vulnerability Update

    March 9, 2014
    By Richard Seroter, Head of Product Management. Find Richard on Twitter

    A dangerous bug was identified in a popular SSL/TLS library that powers many of the web servers in the internet. This bug – called Heartbleed – allows attackers to retrieve data stored in a server’s memory and access sensitive information.

    CenturyLink Cloud wants you to be aware of one impacted area which was identified through our comprehensive assessment: OpenVPN software. The Linux distribution used for OpenVPN does not yet have an updated, patched package available to remediate this vulnerability. We are actively pursuing other solutions and will have an update on this issue shortly. [Please see update and action items below]

    As this issue is related to OpenVPN client software, we believe it is important to detail what type of communication between users/machines may be affected by this vulnerability.

      Control Portal system is *NOT affected, so there is no need to change your password to the web site.

      Site to site VPN tunnels from customer premise equipment to CenturyLink Cloud data centers are *NOT affected.

      Site to site VPN tunnels between customer servers in a particular CenturyLink Cloud data center to other customer servers in a remote CenturyLink Cloud  data center are *NOT affected.

     ...

    Read on...


    Connect

      Follow us on


    Start Your Free Trial

    High performance, fast deployment times and intuitive management capabilities that will push your business forward

    *We will send a SMS message to verify your account, standard rates apply.