Advanced Cloud Security and Compliance that Protects Enterprise Systems and Data

Move to the CenturyLink Cloud with confidence.

Cloud Security & Compliance that Exceeds Your Requirements

With our “defense in depth" approach, customer environments are protected by multiple security measures at every level – securing physical equipment, cloud resources, and customer data. In addition, an extensive permissions system extending to the group and individual VM levels ensure only authorized users can access and alter systems. And we’ve worked with the leading IT auditing firms to ensure our systems are ready to support most global organizations.

Account Security

We provide customers with role-based access to their cloud environments. Users access the Control Portal with a username and password, or by Single Sign On through SAML. All actions performed by users through the Control Portal — such as provisioning servers, adding public IP addresses and powering-on a server — are logged and auditable. These logs are never deleted, and customers can view access logs on an entity by entity basis.

Network Security

CenturyLink Cloud establishes a robust digital perimeter around your cloud environment. Access to customer servers can only be done via a certificate-based VPN connection unless specific public ports have been explicitly opened up by the customer. Customers can extend to two-factor authentication via LDAP (Microsoft Active Directory or OpenLDAP on Linux) for additional security where needed.

Customer environments on the CenturyLink Cloud are protected by a series of redundant Juniper SRX firewalls employing Unified Threat Management (UTM) technology. Each customer service runs on its own private VLAN, and each virtual machine is isolated with zone-based firewalls. Customers can also use secure connections such as Persistent\User VPN, Direct Connection, or MPLS.

Data center Intrusion Detection System (IDS) and Intrusion Detection and Protection System (IDP) attack detection and prevention features screen incoming traffic for potential attacks. This protection is available data center-wide, and is implicitly enabled. Read this KB article for more details on CenturyLink Cloud and IDS & IDP.

In addition to real-time monitoring and NOC support, we perform Nessus vulnerability scans upon request as a service task. Then, you can choose to work with us as part of a paid engagement to mitigate any vulnerabilities, or take action on their own. To make sure that cloud servers are regularly protected with the latest operating system patches, CenturyLink Cloud offers managed operating system capabilities that keep customer machines up-to-date with vendor updates.

Physical Security

Each CenturyLink Cloud data center is housed within private, caged enclosures. Entry to the data center premises requires an electronic proximity key card. Data center facilities are staffed 24x7x365 and monitored by cameras. An electronic proximity card control portal, biometric scan, and onsite data center personnel provide additional security inside the facility. Only CenturyLink authorized staff are allowed access to the private cage enclosure and they access physical hosts via two factor VPN authentication (SSH or RDP Access with Local administrator/root account and password required). All access is logged in both the CenturyLink Cloud Control Portal and the ticketing system.

CenturyLink’s data centers around the globe are independently audited and certified to meet the standards of SOC 1/SSAE 16; ISO/IEC 27001:2013; and Uptime Institute’s M&O Stamp of Approval and Tier Certifications.


CenturyLink understands that compliance is essential. We offer a variety of solutions that adhere to the most stringent of government regulations and compliance standards (HIPAA, SOC1, SOC2, ISO, PCI, FERPA, COPPA, CAIQ STAR, EU-Directive, etc.) Even if a given IT solution doesn’t require regulatory compliance at this time, know that CenturyLink can scale with you and provide the protection and ease of mind when you do.

Security Patching

Servers need to be regularly patched to stay secure and remain compliant with the OS vendor requirements. This is particularly important for longstanding VMs that your business counts on to always be up and running without a hitch. CenturyLink Cloud offers Automatic Operating System Patching Management — or Patching-as-a-Service — that will automatically patch individual servers or Groups. You can enable the service through a Blueprint, script package or an API. Once deployed, the service informs you when the patching begins and ends via email. You can also pull the list of patches applied via API to ensure that all critical patches have been installed on your servers. It’s a simple thing, with a big payoff in time savings and peace of mind. Learn more about Automated Patch Management.

Shared Responsibility for Cloud Security & Compliance

Cloud security fundamentally relies on a “Shared Responsibility” model, with clear demarcations for where the obligations lie with the infrastructure provider versus the customer. CenturyLink is fully responsible for securing the underlying infrastructure of the cloud — the IaaS. Responsibility lies with customer for securing their VMs as well as the applications and systems deployed thereon, whether through their own technologies, or by relying on tools offered by CenturyLink and its partners.

CenturyLink Cloud Security &
Compliance at a Glance

Physical Security
  • Physical security controls audited to SSAE 16 or ISO 27001 standards
  • All access is logged in both the control panel and the ticketing system.
  • Logical security policies and processes audited to SSAE 16 standards – built around IT best practices
  • Server and Operating System hardening
  • Managed carrier class firewalls
  • Intrusion Prevention services included
  • Automatic Operating System Patch-Management
  • Dedicated VLANs/IP addresses
  • Transparent database encryption available
  • Nessus vulnerability scanning available
  • 24x7 monitoring and incident management
  • Role-based access - authentication and authorization permissions set explicitly per resource type
  • Username/password or SAML sign on
  • All actions logged and auditable
  • SSAE 16 SOC 1
  • SSAE 16 SOC 2 Type 2
  • Support for complex regulations like HIPAA
  • ISO 27001
  • PCI DSS 2.0
  • Safe Harbor

Related Products


Connect networks within a particular data center through the use of configurable firewall policies, and create firewall policies that connect different data centers.

Load Balancers

Ensure maximum uptime and reliability, the CenturyLink Cloud offers a portfolio of cloud load balancers to meet the unique requirements of your apps.

Disaster Recovery

Affordable protection for your on-premise data & production VMs. Avoid the enormous costs of IT downtime and data loss with SafeHaven for CenturyLink Cloud.


Protect your data across the public internet with desktop virtual private network (VPN) software via a self-service, persistent network-to-network tunnel.

Backups & Block Storage

Persistent, high-performance storage for every enterprise scenario. Easily add backup & DR capabilities as needed.

CenturyLink Cloud Recognized by Frost & Sullivan

CenturyLink honored with Frost & Sullivan’s 2015 “Company of the Year” award.

Get the Report

Customer Case Studies

We’ve helped businesses like yours be more successful in the cloud.

View Success Stories

Get a Quote

Ready to talk pricing? Tell us about your project, and let our cloud experts put a proposal together for you.

Request a Quote

Start your free CenturyLink Cloud trial today.