< Compliance
CenturyLink Cloud has self-assessed via the STAR CAIQ

CenturyLink Cloud and CSA STAR

CenturyLink complies with the CSA Security, Trust and Assurance Registry (STAR), a comprehensive set of offerings for cloud provider trust and assurance.

Enterprise IT departments are moving extensive computing and infrastructure out of their data centers and into the cloud to take advantage of the many benefits provided therein. However, cloud security is of paramount concern, both to customers and to cloud services providers who are serious about meeting the needs of mission-critical enterprise IT.

In demonstration of our commitment to cybersecurity and promoting cloud industry best practices, CenturyLink Cloud has submitted a Cloud Security Alliance CSA Consensus Assessments Initiative Questionnaire. This information is publicly available, promoting industry transparency and providing customer visibility into CenturyLink’s security practices.

The Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment CSA harnesses the subject matter expertise of cloud security industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.

CSA STAR Program

CSA is the industry organization responsible for STAR - the Security, Trust and Assurance Registry, a cloud security provider certification program. STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. It is a three-tiered provider assurance program integrating self-assessment, 3rd party audit and continuous monitoring.

CSA STAR Self Assessment

CSA STAR Self Assessment is free and open to all cloud providers and allows them to submit self-assessment reports that document compliance to CSA-published best practices. Since the initial launch at the end of 2011, the CSA has seen tremendous growth in STAR Self Assessment. Cloud providers may submit two different types of reports to indicate their compliance with CSA best practices. Participation in the program is entirely voluntary, and not all cloud vendors rise to this level of scrutiny or security.

The Consensus Assessments Initiative Questionnaire (CAIQ)

The CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings. The questionnaire provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. CenturyLink Cloud offers this report to document compliance and commitment to world-class cybersecurity standards. We've also made this questionnaire available to customers who want to meet these compliance guidelines. Download the questionnaire here.

The Cloud Controls Matrix (CCM)

The CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security (IS) tailored to the cloud industry. CenturyLink has opted not to submit this report, as we are confident that we've addressed all such concerns in our other certification and compliance efforts, including SOC 1, SOC 2 and ISO 27001. However, we have made this detailed CCM worksheet available to our customers to facilitate their compliance efforts.

CSA Star only applies to CenturyLink Cloud architecture and our Control Portal and does not cover security controls on our other services or products, or websites maintained by other companies or organizations to which we may link.

Related Products

Cloud Servers

Hybrid-ready public cloud provides the agility, scalability and security expected from an enterprise-class cloud, backed by an industry leading global network.

Managed Services

Experts at the ready to maintain and administer your cloud deployments. Rapid provisioning, hourly billing, and highly automated.

Managed Security

A full complement of threat prevention, threat management, incident response and analysis services to support your hosted or on-premise enterprise security environments.

Managed Hosting

Maintain complex IT infrastructure and applications with our comprehensive portfolio of managed hosting services including, fully manage networks, servers, storage, operating systems, and security.

Managed Storage & Backups

Gives a range of storage options including data replication and back up/archiving. CenturyLink solutions are secure, affordable and can provide data resilience with up to 5 nines.