Posts Tagged: Security

Shifting Priorities Push Digital Transformation in Public Sector

June 11, 2019
By Jim Greene

Public Sector Digital Transformation

The move to full digital transformation moves more slowly in public sector and governmental organizations. Procurement cycles are longer, and spending constraints often prevent governments from adopting cutting-edge technology.

According to a Gartner report on CIO priorities, digital business and digital transformation are still important goals for government and other public-sector organizations. A 451 Research study found four key operational goals driving digital transformation for public agencies: improving agility, enhancing efficiency, boosting customer (citizen or constituent) experiences, and managing risk and security.

While many organizations place full responsibility for digital transformation on their IT departments, these groups find it’s essential to involve impacted departments as early as possible in projects. Digital transformation requires more than simply implementing new technologies because it changes both how people work and how they think about work.

When tasked with improving operations and services, governments can take advantage of shifts in enterprise technology to accomplish their goals and overcome a reliance on legacy systems. As agencies find themselves under pressure to meet rising expectations set by constituents’ commercial online activities, digital transformation projects can help them leverage new platforms and services to provide smoother, faster, contextually relevant experiences.

No matter the size of the organization, embracing and adopting cloud-based...

Read on...

Microsoft Announces Critical Security Flaw in RDP Services

May 16, 2019
By CenturyLink Cloud Security Team

Microsoft announced CVE-2019-0708 a critical flaw in Remote Desktop Services that enables unauthenticated remote code execution. In their blog post on May 14, 2019, they report that a specially crafted request could allow an attacker to execute arbitrary code on the victim's system without any user interaction and prior to any authentication. Microsoft sees it as critical enough that they're issuing patches for non-supported versions of Windows XP and Windows Server 2003 to help prevent this spreading as wildly as WannaCry in 2017. Affected versions of Windows include:

  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003
  • Windows XP

Links to the full list of affected operating systems, as well as links to the necessary patches, can be found in the same TechNet blog where the announcement was made.

The security of our customer's networks is of great importance to us as well. Because we still offer Windows 2008 R2 as an option, and many of our customers choose to use deploy with this option, we felt it necessary to proactively encourage our customers to perform this update immediately after testing in a non-production environment.

Ideally, we encourage our customers to limit services exposed to the public Internet, or whitelist specific...

Read on...

Protect Yourself Against Hidden Costs of Unplanned Outages

April 16, 2019
By Jim Greene

Hidden Costs Outages.jpg

If your data center goes down, so does your business. Having systems outages that last for even a few minutes can have devastating, long-lasting ripple effects.

Let's start with losses in revenue and productivity, and potential compliance penalties. According to Gartner, the average cost of IT downtime is $5,600 per minute. Considering the differences in how businesses operate, it can range from a$140,000 per hour on the low end, $300,000 per hour on average, and as much as $540,000 per hour — more than three times what it was in 2012 — at the high end.

Those are the costs you can see. But, there are others that may be hidden or harder to measure. Consider customer loyalty, damage to your reputation, and employee burnout, just to name a few.

Customer Loyalty Takes a Hit

Customer expectations regarding service are set by what a business promises it can deliver. You're unable to deliver on those expectations in an outage, so customers are more likely to take their business elsewhere or publicly express their disappointment. Because of social media, their words can spread around the world in minutes.

Losing a long-term client or having a customer go inactive represents a significant loss. In theory, you could...

Read on...

Using Cloud Storage in Your Disaster Recovery Plan

January 21, 2019
By Jim Greene

Data Protection Puzzle.jpg

Developing a data protection strategy primarily means thinking about how critical data would survive a complete failure. One of the most important decisions a business can make is how to provide additional capability to support a comprehensive disaster recovery plan.

According to State Tech, "Cloud is a critical enabler of digital transformation and must be accompanied by supportive leadership and agile and streamlined processes focused on agency constituents that allow secure multichannel access to information, services and benefits."

Unlike many in-house options, cloud services shift the burden of IT development and upkeep from the business to the cloud provider. IT staff at the cloud company take care of routine tasks and maintenance associated with storage and backup so organizations can focus on other areas within their business while having reliable safeguards for their information.

Would Your Critical Data Survive a Complete Failure?

The cloud's scalability and flexibility cost very little upfront and offer access to a wide variety of storage options that businesses can scale up or down as demand changes. Combining these three cloud solutions can help businesses create a comprehensive data protection and disaster recovery plan:

  • Backup-as-a-Service: In the same way that all other "as-a-Service" components operate, backups can be handled in many


Read on...

Intel Discloses Three Security Vulnerabilities

October 11, 2018
By Christine Sala

As part of the August 14th disclosure by Intel, three security vulnerabilities have been named:

  • CVE-2018-3646 (L1 Terminal Fault - VMM)
  • CVE-2018-3620 (L1 Terminal Fault - OS)
  • CVE-2018-3615 (L1 Terminal Fault – SGX, SMM)

At this time, there is no indication that these vulnerabilities have impacted us or have been used to attack our customers.

Intel has posted detailed information about these vulnerabilities here.

Briefly, each of these vulnerabilities affects a different aspect of the terminal fault vulnerability.

  • CVE-2018-3646 (L1 Terminal Fault - VMM) - may allow unauthorized disclosure of information residing in the L1 data cache from a virtualized guest in Virtual Machine Monitor (VMM).
  • CenturyLink has taken the necessary steps to mitigate this vulnerability through vendor recommended patches and microcode updates. No further action is necessary.

  • CVE-2018-3620 (L1 Terminal Fault - OS) - may allow unauthorized disclosure of information residing in the L1 data cache from the Operating System (OS) or System Management Mode (SMM)
  • CenturyLink recommends that customers apply necessary security updates in a timely manner.

    For Linux users, a number of tests can be performed to validate your level of protection:

    Ubuntu OS Details and Tests

    RedHat Details and Tests, including Ansible playbooks to ease testing

    Linux Kernel Details and tests

    Microsoft also provides details on testing and...

    Read on...

    Additional Meltdown and Spectre Update

    January 19, 2018
    By Christine Sala

    CenturyLink Cloud completed the implementation of all available patches on January 13. We are continuing to work with hardware and software vendors on the release of new patches to be tested and applied as they are released. You can follow the progress more closely and subscribe to updates on our status site,

    Also, please note that while CenturyLink is patching our environment, we want to remind our customers that they are responsible for updating the operating system for their cloud virtual and bare metal servers. We recommend that you check with your operating system vendor(s) and system manufacturer(s) and apply any updates as soon as they are available. Below are many useful resources about the issue.

    OS and Hardware vendors

    Microsoft security updateRed Hat security updateSuSeUbuntuChrome OSARM security updateQualcomm press releaseWind River

    System Manufacturers

    AcerApple •...

    Read on...

    Meltdown and Spectre Update

    January 12, 2018
    By Christine Sala

    CenturyLink Cloud completed initial patching 1/8/2018 as anticipated. Customers who fall into the 8% of infrastructure remaining have been contacted with more detailed timelines. However, we are continuing to mitigate potential threats by testing and implementing patches as they are released. You can follow the progress more closely and subscribe to updates on our status site,

    Lastly, please note that while CenturyLink is patching our environment, we want to remind our customers that they are responsible for updating the operating system of their cloud virtual and bare metal servers. We recommend you check with your operating system vendor(s) and system manufacturer(s), and apply any updates as soon as they are available.

    For managed OS customers please reference the Managed OS Patching and Update Process knowledge base article.

    If you have any questions or concerns, please contact


    Read on...

    Meltdown and Spectre Vulnerability Overview and Customer Guidance

    January 4, 2018
    By Christine Sala

    On Wednesday, January 3rd, 2018, Google publicly disclosed Meltdown and Spectre, two methods for attacking Intel, AMD, and ARM processor vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). CenturyLink Cloud is aware of these vulnerabilities and is actively mitigating potential threats. Fixes are currently being tested, and anticipate that 92% of our environment to be patched by Monday, January 8th, 2018. Customers who fall into the remaining 8% of infrastructure will be contacted directly within 24 hours for patching timelines. An update will be provided when all fixes are in place.

    At this time, there is no indication that these vulnerabilities have impacted us or have been used to attack our customers.

    Please note that while CenturyLink is patching our environment, we want to remind our customers that they are responsible for updating the operating system of their cloud virtual and bare metal servers. We recommend you check with your operating system vendor(s) and system manufacturer(s), and apply any updates as soon as they are available.

    For managed OS customers, please reference the Patching and update process Knowledge Base article.

    If you have any questions or concerns, please contact


    Read on...

    Changing Your Data Security Tactics for the Internet of Things

    August 29, 2017
    By Jessica Weber

    Chain-Link Fence

    The concept of the Internet of Things (IoT) has introduced new complexities into the web of network security, and the approach to security has to change to accommodate that. In previous posts we've talked about predictive analytics and changing security policies for the digital revolution of IoT, but what exactly is going to change in the realm of data security? Well, according to most technology sources, almost everything.

    The Game Changer

    The biggest problem with security in the IoT is that hackers are coming up with new ways to commandeer and take down IoT devices everyday. This "guerrilla warfare" method is not traditional because it can come from almost any angle (within the corporate data system, attacks on the actual device, etc), so a pattern of attack is hard to establish and then look for within the system. Commercialized products for general public consumption are especially vulnerable because as the products are developed they are often pushed to market before their security features have been fully tested. The agile method of releasing and then reiterating is good for making progress and getting user feedback, but can leave devices vulnerable to attack. There are, however, several ways to combat these security vulnerabilities.

    Move from


    Read on...

    Transform Your Security Policy for the IoT

    August 17, 2017
    By Jessica Weber

    big data lock

    In a previous blog we mentioned the Internet of Things (IoT) and how it is changing the approach towards cybersecurity. Predictive analytics is increasingly becoming an integral part of the security game, as companies invested in IoT use analytics to identify attacks before they happen, an important step in the evolution of security. As IoT continues to increase its share of the IT market and also changes the way we use technology in everyday life, we must adjust our cybersecurity policies to take into account this fundamental shift in security needs.

    IoT is also a big driver in the digital transformation of company infrastructure, as organizations respond to the changing needs and demands of their customers for more technology integration. In fact, research findings published by Inmarsat say that IoT has become the leading reason for digital transformation and is the number one priority for 92% of organizations.

    As companies go through digital transformation and incorporate IoT, they need to keep security top-of-mind. Gartner states that "by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk". Organizations cannot afford to have long periods of downtime due to cyberattacks...

    Read on...

    ThreatConnect Partners with CenturyLink

    August 15, 2017
    By Jonathan Townsend


    CenturyLink's end-to-end security managed services are built to detect, protect, and respond to security threats and malicious activity anywhere customers do business. Bolstering these features, CenturyLink’s Managed Security Services will now leverage ThreatConnect, a threat intelligence-based security platform that taps into SAP HANA. The partnership allows CenturyLink to utilize its Managed Services offering, composed of a data-driven set of tools to improve detection, protection, and remediation services for customers.

    CenturyLink’s security service is built to help Security Operations Center (SOC) specialists and customers identify, block, and mitigate security threats through Security Log Monitoring(SLM), incident management, and response support services. ThreatConnect will integrate with the CenturyLink platform to provide an offering and solution that fits with its customers’ new or existing threat management and security operations functions.

    Regarding ThreatConnect’s impact working with organizations, CEO Adam Vincent said, "the MSSP program is a force multiplier that organizations like CenturyLink can leverage to offer threat detection and response, customized processes or any of a number of premium services to clients."

    Adam Vincent’s vision is centered on automating as much of a SOC as possible and while continuing to build a community around threat intelligence. In years past, the barriers were technology-based as the resources and process...

    Read on...

    Predictive Analytics and Virus Research Have More in Common Than We Think

    July 20, 2017
    By Jessica Weber

    analytics graphic lightbulb

    The Internet of Things (IoT) encompasses many avenues and aspects of modern technology and life. Our devices have enabled us to become a more connected society because they have been designed specifically to connect to one another. But with this connection comes many challenges. As data is shared between the ever-expanding network of "smart" devices, we have to look at how we can protect that data in ways we haven't previously had to.

    What is IoT?

    The Internet of Things is basically a network of connected devices. Or as one Forbes writer excellently described it: "...the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig.". When we talk about IoT, we're talking about the revolution of technology-driven smart devices that have changed the way we live, work, and play. As more and more devices are developed and connected, there are just as many questions and issues that come into...

    Read on...

    Alert Logic: A Better Approach to Security

    July 6, 2017
    By Alert Logic Evangelism Team

    alert logic logo

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This edition's guest provider from the Marketplace Provider Program is Alert Logic.

    Businesses' top priorities are to provide a service that meets the needs of its customer base, grow in their respective markets, generate revenue, and protect their investments. Ensuring that your company has an adaptive and comprehensive security model is one of the best ways to protect the company’s investments, data, customers, and reputation.

    Security threats are nothing new and only continue to evolve, getting harder to detect and eliminate. To ensure that a business is continuously secure takes time, effort, resources, and expertise. This can be a challenge for companies who are trying to manage their security posture while still supporting the day-to-day business operations. IT infrastructure is more dynamic than ever, with on-premises data centers, cloud and hybrid environments, and an ever-changing threat landscape. Without a clear line of sight into your entire infrastructure environment, how can you protect your data and applications from compromise?

    A Better Approach to Security

    Alert Logic's Security-as-a-Service offering...

    Read on...

    Security Made Easy with FlexSecure

    June 8, 2017
    By Sid Prasanna


    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This edition's guest author from the Cloud Marketplace Provider Program is Sid Prasanna, CEO, at FlexSecure.

    Passwordless Authentication Made Easy

    FlexSecure solves a unifying problem -- the need to dynamically secure access to resources and data, based on the user and their level of authorized access. Many solutions exist for granting access in a static way, but no easy-to-use solution exists that can adjust the security authentication requirements in real-time, based on dynamic factors in the security equation.

    By adding FlexSecure to their existing authentication or access control systems, organizations can adopt multi-layered authentication options. Multi-layered authentication enable organizations to add significant levels of security to protect their data from hackers and prevent unauthorized access.

    FlexSecure is a flexible user authentication platform, providing Passwordless and Pin-based authentication, without the need to install an application. This platform enables organizations of all sizes to mix and match appropriate user authentication methods to protect applications on their Cloud, Mobile, and IT infrastructure. The FlexSecure platform is easy and secure and offers...

    Read on...

    WannaCrypt Ransomware Malware Announcement from CenturyLink Cloud

    May 25, 2017
    By Christine Sala

    On May 12, 2017, Microsoft issued a statement confirming a number of their customers had been affected by the malicious WannaCrypt ransomware malware. CenturyLink has taken steps to ensure our Cloud environment has the latest patches and is monitoring for any additional related vulnerabilities.

    If you believe your organization is impacted we recommend all CenturyLink Cloud customers take the below steps to further secure your environment:

  • Install Microsoft Security Update MS17-010 to address the vulnerabilities by correcting how SMBv1 handles specially crafted requests. Details here:
  • Confirm that anti-malware is deployed and updated and work with your provider to confirm you are protected.
  • Ensure the following IP ports (TCP 139, TCP 445, UDP 137 and UDP 138) are blocked at the firewall unless essential to your operations.
  • If you have any questions or concerns, please contact


    Read on...

    Vormetric Live Data Transformation – Boldly Going Where No Encryption Has Gone Before

    May 11, 2017
    By Eric Wolff


    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This editions guest author from the Cloud Marketplace Provider Program is Eric Wolff, Senior Product Marketing Manager, at Thales e-Security. Thales e-Security acquired our long-term partner Vormetric earlier this year.

    Downtime – nobody likes it. Unplanned downtime is almost always expensive. A 2015 report from IDC even revealed that for the Fortune 1000, the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year.

    Planned downtime is also a pain. Before I was in the security business, I marketed network solutions that were “bumps on the wire” which required planned downtime for deployment. There were ways to minimize or even reduce the downtime, but they were complicated.

    These same downtime obstacles present themselves with encryption. There's a great return on investment (ROI) – you can sleep better knowing that data thieves get nothing they can use (and how happy you’re making the compliance team). But, for enterprise-class encryption, there’s almost always a planned downtime period while tens of thousands of files or...

    Read on...

    Using Cloud Storage in Your Data Protection Strategy

    January 3, 2017
    By Jessica Weber

    Data Protection Puzzle

    Reading Time: about 7 minutes

    Many businesses opt to use Infrastructure-as-a-Service (IaaS), particularly for cloud storage, backup, and disaster recovery, to improve upon their existing storage options while controlling costs. The scalability and flexibility of the cloud has a lot to do with these cost-saving measures; many companies pay very little upfront to access a wide variety of storage options, and scale those options up or down as their demand shifts.

    In fact, there are many reasons that IaaS offerings have broad appeal – businesses see the value in low capital investments, paying as they go, anywhere access, and tight security. Unlike many in-house options, using cloud services means that the burden of IT development and upkeep is on the cloud provider, not the primary business. The IT staff at the cloud company take care of the routine and maintenance tasks associated with storage and backup. This allows organizations to focus on other areas within their business services, while still having a reliable way to safeguard their information.

    Data Protection Defined

    Developing a data protection strategy for your organization primarily means thinking about how your critical data would survive a complete failure of some kind. One of the most important decisions your business can...

    Read on...

    Simplifying Health Information Management in the Cloud

    November 21, 2016
    By Chad Zerangue

    simplicity doc.png

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Chad Zerangue, CEO, at Simplicity Health Systems.

    Health information is becoming increasingly difficult to manage as clinical and financial requirements and regulations become more stringent and partnering relationships become increasingly complex. This is especially the case when it comes to sharing information with ancillary services like pharmacies, radiology departments, medical laboratories, third-party providers, and specialist providers. The U.S. Department of Health and Human Services Office of Civil Rights (OCR) has a growing HIPAA Audit Program. HIPAA-covered entities will be required to make sure their systems are compliant with the HIPAA Privacy Act or face heavy fines, jail time, or both. Many small and medium sized healthcare businesses can’t afford multi-million dollar health information systems that larger hospitals and other large health entities can. In turn, they resort to non-compliant tools such as email, fax machines, eFax, RingCentral, Box, and DropBox. Simplicity Health Systems is disrupting that paradigm with a system that allows healthcare businesses to easily share information with their partners,...

    Read on...

    Tips for a Successful Security Strategy

    October 19, 2016
    By Brandy Smith

    secure cloud

    October is National Cyber Security Awareness Month (NCSAM), an annual campaign sponsored by the National Cyber Security Alliance (NCSA). The overall goal, according to the Department of Homeland Security, which participates in NCSAM, is to “increase the resiliency of the Nation in the event of a cyber incident.”

    Security threats are vast and constantly evolving, as should your businesses security strategy.

    Today, security isn’t just about basic protection. Companies have far more to consider than they once did. Now, a security strategy is a holistic approach to protection, prevention, detection and response—and it needs to encompass all aspects of an adaptive security architecture.

    Top Business Security Threats

    Here’s an overview of what you need to consider when implementing, updating, and enforcing your security strategy.

    External Threats

    According to Cisco's Annual Security report, 100% of multinational companies show evidence that suspicious traffic was emanating from their networks and attempting to connect to questionable sites.

    The speed at which external threats are increasing is exponential. There are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware to keep up. There are more distributed denial-of-services (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long...

    Read on...

    Increase Security Not Complexity

    October 5, 2016
    By Matt Pley


    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Matt Pley, VP Carrier & Service Provider Group, at Fortinet.

    Cloud computing is becoming increasingly popular among enterprises looking to take advantage of quick deployment, unprecedented scalability, and cost savings. Both public cloud adoption and private cloud infrastructure, including virtualization and software-defined networking (SDN), are rapidly transforming data centers worldwide. Evolving your infrastructure means your security must evolve as well. If your security can’t keep up with the agile public, private, and hybrid cloud environments of today, gaps in protection will occur. The Fortinet Security Fabric has integrated next-generation firewall (NGFW) technology with the CenturyLink Platform to help businesses achieve end-to-end security without the complexity.

    End-to-end Next Adaptive Security Protection

    The award winning Fortinet Security Fabric network security solutions provide end-to-end security across the entire network. FortiGate enterprise firewalls are optimized for internal segmentation, perimeter, cloud, data center, distributed, and small business deployments. Organizations can simplify their security posture with one security solution across your physical, virtual, and cloud deployments.

    Organizations can choose individual services,...

    Read on...

    FlexSecure: Strong Authentication Made Easy

    March 16, 2016
    By Sid Prasanna

    FlexSecure LogoPeriodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Sid Prasanna, CEO of FlexSecure Inc.(

    As cyber attacks and data breaches continue to make headlines, Security-as-a-Service offerings are becoming more valuable by the day. In the IT world, there is now a fundamental understanding that any business with an on-line presence needs to think about data security for both their business and their customers. FlexSecure has joined with the CenturyLink Cloud Marketplace to make the process of providing robust, solid, and capable authentication easy and painless for any customer, regardless of their technical abilities.

    Solution Overview

    The FlexSecure platform enables organizations of all sizes to choose and combine user authentication solutions based on the individual needs of their company. Companies and developers can add pin and passwordless security to their existing authentication mechanisms. Users can also change authentication methods in near real-time through an easy-to-use interface.

    FlexSecure Diagram

    Layered Security

    Some of FlexSecure's primary advantages are:

    Custom user and device authentication: The authentication standards can be "turned up or down" to suit the needs of the users. For...

    Read on...

    How to Tell if You Are Affected by glibc Vulnerability

    February 19, 2016
    By Steve White, Director of Security and Compliance


    Popular media outlets are reporting a new vulnerability that was recently discovered in "glibc" which is a key component in most modern Linux systems. For background, you can read the details of the original discovery and the summary information on the risk rating for this vulnerability.

    The CenturyLink Platform is largely unaffected by this issue. We have patched our DNS servers and the default DNS servers used by customer virtual machines on our platform. Customers running their own DNS servers on Linux-based virtual machines or customers not using the default CenturyLink Cloud DNS servers should apply the released patches to these servers as soon as possible.

    For customers using the CenturyLink Cloud® Intrusion Prevention Service (IPS) your hosts already have detection enabled for any attempts to exploit this vulnerability. This particular signature is set to "detect only" rather than "block" in order to prevent unintended impact to production services. The IPS system will send you an alert using the configured mechanisms if there are any attempts at an exploit. We recommend you update the operating system on your servers according to your standard maintenance cycle. You can learn more by reading our IPS Anywhere post.

    For CenturyLink Cloud® customers using VMs with a...

    Read on...

    Six Data Backup Basics - Not Just for Cloud

    January 7, 2016
    By Mark Lee

    Simple Backup ServiceLet's face it, you never know when the need will arise to restore or recover your data. We’ve all “been there, done that”, or we have it in the back of our mind that we’ll need to do it someday. However, the odds are that the need to restore won’t be triggered because of a disaster or a hack, but more likely because of common reasons such as: system/user error, corrupt data, deleted data, new environments, a legal hold request, or a Governance, Risk Management, or Compliance (GRC) program which requires that the data must be restored as proof that the data is being retained.

    Whatever the case may be, the key to understanding data restoration is knowing that data backups are taking place to begin with; which means planning, implementation, and execution. These tasks can be daunting and riddled with details, which is why they are typically assigned to an operations team (including the planning). However, there are other contributors to backup planning: business owners, product owners, application/database owners, etc., especially when they have a vested interest in restoring or recovering after an issue or event has occurred. Naturally, you want (and need) the correct data restored as soon as...

    Read on...

    Data Center: Media Protection

    October 30, 2015
    By Daniel Morton, et. al.

    Data Center Media Protection

    Ensuring the privacy and confidentiality of data and that customer media is protected are strategic priorities at CenturyLink. That filters down into our chain of custody procedures when handling or transferring customer media and in our procedures for the sanitization and disposal of media. Here's a shocking observation from the National Institute of Standards and Technology (NIST) Special Publication 800-88, Rev.1 on a leading source of media vulnerability and what is needed to close the gap.

    An often rich source of illicit information collection is either through dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or through keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information. Media flows in and out of organizational control through recycle bins in paper form, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it.

    Part 3 of the Data Center series highlights the safety measures in place for digital and non-digital media in a CenturyLink data center. We've limited...

    Read on...

    Data Center: Environmental Protections

    October 23, 2015
    By Daniel Morton

    Data Center Environmental Protections

    Cyber attacks on major corporations generate big news headlines, especially when they are successful. Threats to a data center from heat, humidity, water, or smoke aren't as flashy in terms of media coverage. They are, nonetheless just as real and, potentially, just as devastating. That's why you need a full array of environmental protections in and around your data center.

    Any data center provider will affirm that they're required; and that all built-in protections fly under the radar until you really need them. To illustrate the point, on January 9, 2015 several news agencies covered a 3-alarm fire at a data center in Ashburn, Virginia. The massive building was under construction. The conflagration apparently had started on the roof. Fortunately, there were no injuries and firefighters were able to extinguish the blaze after about an hour.

    This is Part 2 in a 3 Part series highlighting different protections inside and around a CenturyLink data center. This time we focus on the environmental safeguards that protect the facility, personnel, the infrastructure, and your data. If you missed Part 1 in the series, Data Center: Physical Security, you can find that topic right here.

    Data Center Locations

    We carefully choose the location of a data center...

    Read on...

    Starting from Scratch with Cybersecurity: Introduction to Security Products Part 1

    October 21, 2015
    By Stephanie Wong, Product Owner.

    Security is newsworthy. Recently, the IRS reported as many as 330,000 taxpayer accounts they believe were accessed by thieves. These security breaches often result in identity theft and the loss of critical corporate data, and can cost your company millions of dollars in unrecoverable expenses.

    As a company, you need to be aware of IT security and your need to be protected, and you might be wondering where to start. This post is the first in a multi-part series about the various types of security products available and what they can do for you. These tools can be used to secure anything -- whether it's a home PC or laptop, an enterprise tech stack or even a hosted hybrid cloud solution. The same principles apply everywhere. Initially, we’ll begin with host-based security products.

    Host-based security products are those that reside on or help to protect one host, server, or virtual machine. These host-based security products can be used at home or at work. The three fundamental types we’ll discuss here are Anti-Virus/Anti-Malware, firewalls and IDS/IDP.

    Anti-Virus or Anti-Malware

    Let’s start with Anti-Virus or Anti-Malware products. These products detect and protect against software viruses on your host. These harmful files get to your host through...

    Read on...

    Data Center: Physical Security

    October 16, 2015
    By Daniel Morton, et. al.

    Data Center Physical Security

    "Data security starts with physical security." Natalie Lehrer underscored that point in her Information Week article called A Guide to Physical Security. She's right. Protection of company personnel, facilities, and data begins with physical security. It's a strategic priority at CenturyLink. The "rubber meets the road" in the management and operation of the facilities. Our data centers earn a M&O Stamp of Approval Certification from the Uptime Institute. Joel Stone is responsible for Global Data Center Operations at CenturyLink. Here's his take on the importance of a data center receiving M&O Certification:

    "Earning the M&O certification demonstrates the effectiveness of a data center’s management and operations, giving customers “peace of mind” by ensuring the facility that houses their critical IT functions has passed a rigorous, third-party audit to conform its practices to the highest of standards."

    This is Part 1 in a three part series covering various aspect of data center security. Part 2 will discuss environmental protections. Part 3 will cover media protections.

    Security Policies

    It starts at the top. Physical security at a data center is governed by CenturyLink Corporate Security. This group oversees the policies, processes, and work rules ensuring that all data centers operate under a consistent set of procedures...

    Read on...

    Security and Audit Compliance is Hard – Automate It with Cavirin and CenturyLink Cloud

    August 25, 2015
    By Tim Thompson

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Tim Thompson of security and compliance provider Cavirin.

    Cavirin ARAPNo business wants to be exposed to risk, fail an audit, or get breached. We can help. With Cavirin’s Automated Risk Analysis Platform (ARAP), now integrated within the CenturyLink Platform, you can elevate your security posture and add an extra layer of transparency and visibility in your cloud ecosystem, without any additional security staff or heavyweight security tools.

    Strengthen your cloud infrastructure without sacrificing security or compliance.

    ARAP can help strengthen your infrastructure by continuously monitoring your CenturyLink Public Cloud environment as well as on-premise environment -- seeking out configuration changes as well as new devices and grading the associated risk based on security and compliance guidelines that you apply. Our platform paints a clear picture of the risk within your dynamic IT ecosystem, so that you stay proactive, well ahead of potential risks to security or gaps in compliance.

    ARAP is agentless and automated, which means cost and time savings for you.

    To us, automation is just...

    Read on...

    How to Securely Hook Up a Cloud Management Platform in Your Private Datacenter

    July 30, 2015

    Platform Security

    Most customers prefer cloud application lifecycle management as a SaaS service. But we’re conscious of companies whose high-security constraints like limited datacenter Internet access or fully controlled periodic backups require an on-premise solution. For those companies and DevOps users, Cloud Application Manager is available as a virtual appliance.

    Today, the Cloud Application Manager virtual appliance is an OVF package for vCenter vSphere and in QCOW2 format for OpenStack. To get access to all the same functionality as the SaaS solution, the only thing you have to do is install the virtual appliance in your virtual platform and plug into your datacenter network. At which point, you experience Cloud Application Manager hosted on your infrastructure where you get the same controls to manage, backup, and restore as you do on other systems in your datacenter.

    At Cloud Application Manager, we care deeply about security and for this reason all the communication for the SaaS and the virtual appliance solutions are encrypted. By default, we ship the virtual appliance with a certificate signed by Cloud Application Manager. But using the appliance setup console, you can set up a certificate signed by a trusted CA or install your self-signed certificate.

    To create and install a self-signed...

    Read on...

    Cloud Security Tools and Services

    June 10, 2015
    By Ben Brauer

    Third in a series of 3 blogs on Cloud Security

    Now that we’ve covered cloud security fundamentals and how CenturyLink secures its cloud, for our final post on security this week, we turn to addressing managed services for cloud-based resources.

    Many cloud users would like to assign the majority of security responsibilities to a third party service provider, particularly if the workloads and applications are not core to their business. Yet maintaining a high level of cloud security is essential to their business. Using a cloud service provider with expertise in cloud security makes sense; the right provider will have a breadth of experience and skilled employees in this specialized field. In-house cloud security expertise is increasingly hard to find, and even harder to keep.

    Security for Managed Server and OS

    CenturyLink Cloud offers managed services for operating systems and applications, such as a Windows Server running IIS, Active Directory, or Redhat Linux machines running Apache Tomcat. These managed services include built-in security features and security options. For example, the Operating Systems come with industry-standard anti-virus protection and regular virus and malware signature updates. It has to be hardened, e.g. by closing off ports, downloading and applying the latest security updates...

    Read on...

    Is CenturyLink Cloud Secure?

    June 9, 2015
    By Ben Brauer

    Best Practices for Service Providers: 2nd in a series of 3 Cloud Security Blogs

    Welcome back to our cloud security week! Today our cloud security series has a focus on how CenturyLink Cloud manages its cloud environment, per the shared responsibility model described in this week’s earlier post and our recently released Cloud Security Overview.

    With security as the top IT concern for many years, it’s no surprise the industry worked hard to alleviate enterprise customer security concerns. Today many organizations actually feel more comfortable with security in the cloud than they do with that of their on-premises data center. One customer noted, “when we were running our own datacenters, it was a full time job just to evaluate and install all the required security patches. We just didn’t have the ability to get to them all. That was creating risk.”

    Let’s look at some best practices in critical areas under the cloud security domain, including APIs, user management, logging, and identity and access management.

    Securing API Calls

    Application Programming Interfaces (APIs) allow you to integrate your cloud-based application with myriad other systems regardless of their locations or platforms. They’re great for business agility, but they introduce an additional...

    Read on...

    Security Matters - 1st in a series of 3 Cloud Security Blogs

    June 8, 2015
    By Ben Brauer

    Security is paramount at every layer of the infrastructure stack, from the underlying hardware to the application itself. The advent of cloud and hybrid IT models has extended this conversation off-premise when creating cloud-enabled applications.

    This is the first post in a cloud security series on topics ranging from the shared responsibility model to the intricacies associated with identity and access management, just to name a few. These posts build on cloud security best practices covered in our recently released ebook, 5 Best Practices for Cloud Security, and our detailed look at security in the CenturyLink Cloud Security Overview.

    Today’s blog discusses the shared responsibility model and the least privilege principle. These two lay the foundation for most security decisions when adopting and leveraging cloud-based infrastructure resources. Without them, businesses using cloud may not know when or how to secure their environments or what actions authenticated users can take.

    Shared Responsibility Model

    The shared responsibility model describes an understanding between the cloud provider and its users, where the provider manages security of the cloud and users managesecurity in the cloud. Security of the cloud normally constitutes physical assets, underlying network and IT infrastructures, and foundational...

    Read on...

    Ecosystem Showcase: Add Layers of Security to your CenturyLink Cloud Networks

    June 5, 2015
    By Margaret Walker, Cohesive Networks

    Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Margaret Walker from Cohesive Networks, a software-defined networking company.

    Cloud computing effectively outsources a lot of the traditional data center operations and management roles and responsibilities. Cloud providers build data centers that are faster and cheaper than most enterprises. That's great but what does that mean for the way you, the cloud users, secure your cloud resources?

    Public cloud is arguably just as secure as an on-premise data center, but getting data to the cloud uses the public internet. The public internet is just that - public. Your data in motion moves from your device, over the public internet, then into a secure cloud environment.

    Shared Attention: Overlapping Security Controls Are Powerful

    CenturyLink is excellent at building secure data centers, screening and vetting their staff, and automating security controls that support their compliance policies. With a solid cloud platform, you no longer have to worry about hardware and virtual security in Layer 0 – 3.

    So the underlying cloud is secure, which means you have...

    Read on...

    [UPDATED] “Shellshock” Vulnerability & What You Need to Know

    August 25, 2014
    By Jared Ruckle, Senior Product Manager. Find Jared on Twitter

    A new vulnerability was recently identified in the “bash” shell that a default component of most Linux operating systems deployed globally today. This vulnerability – dubbed “Shellshock” - is being compared to what was experienced earlier this year with the Heartbleed bug because of the widespread use of the impacted Linux operating systems.

    Shellshock has been assigned the highest risk rating of “10” according to the Common Vulnerability Scoring System (CVSS). Why? The vulnerability can be exploited across the network, it does not require any authentication to exploit, and exploiting this vulnerability is simple.


    Unmanaged Customers - Patch Your Systems in the CenturyLink Cloud Immediately


    If you have instances running a Linux operating system in CenturyLink Cloud data centers, you are likely affected.  Our unmanaged customers are responsible for day-to-day configuration and deployment of these systems, so it is the customer’s responsibility to remediate any affected systems.

    We recommend you apply the updates for this vulnerability as quickly as possible. This is especially important for those servers running Apache web servers as there are published exploits already circulating for Apache websites.


    Managed Customers – Request Patching via Ticket with Managed Services Help Desk


    Customers running managed environments (including Apache) on CenturyLink Cloud will have their systems...

    Read on...

    Securely Connect to Your AWS Cloud Resources

    July 10, 2014

    When using Cloud Application Manager, you bring your own cloud. To deliver the absolute best experience of deploying applications on any cloud, we are working very closely with all the cloud providers that we support – Google Cloud Platform, Amazon Web Services, Microsoft Azure, OpenStack, CloudStack, and VMware. One of the topics that often comes up is security. Today, we’re adding enhanced security for our AWS support.

    Our friends at Amazon have built comprehensive Identity and Access Management (AWS IAM) features, which enable enterprises to grant and control secure access to specific AWS resources. For instance, with AWS IAM, cloud administrators can set up password policies for the user groups, delegate user and application rights with roles instead of sharing credentials and even enable multi-factor authentication for more privileged users. AWS IAM helps cloud administrators to narrow down the user rights and grant the least needed privileges for the users and applications.

    At Cloud Application Manager we are putting a lot of emphasis on security and hence we are proud to take advantage of the AWS IAM features. It is essential for us that we always comply with the industry standards and best practices of security and risk management. Starting July 11th,...

    Read on...

    Heartbleed Vulnerability Update

    March 9, 2014
    By Richard Seroter, Head of Product Management. Find Richard on Twitter

    A dangerous bug was identified in a popular SSL/TLS library that powers many of the web servers in the internet. This bug – called Heartbleed – allows attackers to retrieve data stored in a server’s memory and access sensitive information.

    CenturyLink Cloud wants you to be aware of one impacted area which was identified through our comprehensive assessment: OpenVPN software. The Linux distribution used for OpenVPN does not yet have an updated, patched package available to remediate this vulnerability. We are actively pursuing other solutions and will have an update on this issue shortly. [Please see update and action items below]

    As this issue is related to OpenVPN client software, we believe it is important to detail what type of communication between users/machines may be affected by this vulnerability.

     * Control Portal system is NOT affected, so there is no need to change your password to the web site.

     * Site to site VPN tunnels from customer premise equipment to CenturyLink Cloud data centers are NOT affected.

     * Site to site VPN tunnels between customer servers in a particular CenturyLink Cloud data center to other customer servers in a remote CenturyLink Cloud  data center are NOT affected.


    Read on...

    Activate Your Account in Minutes

    High performance, fast deployment times and intuitive management capabilities that will push your business forward

    * An SMS message will be sent for verification. Standard rates apply.

    ** See details, terms and conditions