Lumen Cloud Risk Assessment Services
Free Trial Terms
May 8, 2023
These Free Trial Terms and Conditions (“Free Trial Terms”) set forth the scope of work and terms and conditions of the Services (described below) to be provided to Customer by Lumen and govern Customer’s access to and use of the Services. Customer or You is defined for the purposes of these Free Trial Terms as the business entity or person representing the business entity who is agreeing to these terms and has subscribed to the free trial of the Services hereunder. “Lumen” is defined for purposes of providing Services under the Free Trial Terms as Lumen Technologies Singapore Pte Ltd.
These Free Trial Terms incorporate by reference and are governed by the Lumen or CenturyLink Master Service Agreement or other service agreement executed between the parties and the Custom Solutions and Services Schedule, or the then current standard Lumen Master Service Agreement and Custom Solutions and Services Schedule if not executed as of the Effective Date of these Free Trial Terms, copies of which will be made available upon request (collectively, the “Agreement”). The Services are governed by these Free Trial Terms and any attachments, and the Agreement. Capitalized terms not defined in these Free Trial Terms are defined in the Agreement.
These Free Trial Terms are effective when You click the checkbox that indicates that You have read and agree to the Free Trial Terms. If You are accepting on behalf of an entity, You represent and warrant that (i) You have full legal authority to bind that entity to these Free Trial Terms; (ii) You have read and understand these Free Trial Terms and agree that it is a legally binding agreement and the equivalent of a signed, written contract; and (v) You agree, on behalf of the business entity you are representing, to these Free Trial Terms.
Lumen agrees to provide Customer the Services under these Free Trial Terms for a trial period of up to fifteen (15) days commencing on the Services Effective Date (“Try Period”). Services Effective Date is defined for the purposes of these Free Trial Terms as the date Supplier notifies Customer of its acceptance of Customer’s subscription request for a free trial of Services. Customer’s sign-up for the free trial of the Services on Lumen’s portal shall be considered Customer’s subscription request. Customer will not be obligated to pay any charges associated with the Services during the Try Period. Customer will receive the assessment Services identified in these Free Trial Terms upon Lumen’s acceptance explained above. Lumen reserves the right to suspend or terminate the Services at any time during the Try Period.
2. Scope of Services
Lumen will provide the Cloud Risk Assessment Services identified below at no charge. All Services not identified here are out of scope. Every virtual object being registered, discovered, and assessed by the Service (collectively the “Asset(s)”) is measured by overall instances used by Customer. Assets include objects (i.e., infrastructure, networks, network devices, databases, security appliances) in the cloud, and are typically identified by a unique IP or MAC address.
The Services assess Customer’s cloud security posture and help to determine where Customer is most at risk. The assessment will evaluate unsecured data, suspicious activity, vulnerable assets, organisational responsiveness, and authentication configurations against known risks. The Services provide real-time visibility into Customer’s multi-cloud environments and identify potential known cloud security threats. The Service is available in respect of specific supported public cloud platforms, as supported by Lumen and/or Lumen’s supplier from time to time (Supported Public Cloud Platform(s)). Therefore, the Service may only be available to a Customer that uses Supported Public Cloud Platform(s). The list of Supported Public Cloud Platform(s) is available upon request, and may change from time to time as determined by Lumen.
3. Project Schedule & Scoping
- Introductory Call and Setup: An initial call may be scheduled within five (5) days from Services Effective Date. During this call, Lumen will collaborate with the Customer’s primary point of contact to define timing and assets to be assessed.
- Cloud Risk Scan: Using Orca Cloud Security Platform or another applicable technology, on an automated basis, Lumen will conduct a technical scan, as described below. The Service allows the Customer to confirm the existence of the identified vulnerabilities; misconfigurations in Customer’s network, workload, IAM (identity and access management) and service; and neglected assets. It provides major insights on known cloud risks, potential attack path analysis and a compliance overview, allows for better prioritization of threats, and reduces false positives identified from automated scan results. Cloud Risk Scan will be performed against Assets on the Customer’s Supported Public Cloud Platform.
- Assessment Report: At the conclusion of the assessment period, Lumen will prepare a written report consisting of an executive summary, technical findings, and recommendations (“Assessment Report”). Lumen will review the Assessment Report with Customer and provide guidance for mitigating the relevant risks with Customer via telephone after delivering the Assessment Report. Lumen will provide the Assessment Report in Portable Document Format (PDF) and make reasonable efforts to eliminate false positives and prioritize issues via the risk levels described below:
  - Executive Summary: The executive summary will contain a concise summary of the findings, methodology and associated recommendations targeted to a non-technical, executive audience. The emphasis in the executive summary will be business-focused and concentrate on actionable risk areas.
  - Technical Findings: The detailed findings will outline all issues observed and, where applicable, provide supporting appendices (for example, technical tool output details may be provided). Vulnerabilities or alerts will be rated in the following manner:
    - Critical: Activities or vulnerabilities that may immediately result in significant and/or permanent risk to the company or client reputation or mission-critical operations (i.e., unauthorized access to employee or Customer confidential data; financial loss, litigation exposure, etc.).
    - High: Activities or vulnerabilities that can be exploited by a skilled attacker to gain access to systems or sensitive information. This access could quickly evolve into a Critical risk based on the sensitivity of the systems or data being accessed.
    - Medium: Activities or vulnerabilities that could quickly evolve into a High-risk vulnerability through further research, physical or technical penetration and/or social engineering. Also pertains to High-risk findings that do not appear to be readily repeatable.
    - Low: Activities or vulnerabilities, including the release of sensitive system or application information, that could eventually lead to heightened risks.
    - Configuration or Informational: Activities or vulnerabilities that release information that is not necessarily sensitive, including open ports, IP addressing, etc.
4. Customer Responsibilities; Requirements
- Customer acknowledges and agrees that its failure to perform its obligations as detailed in these Free Trial Terms may result in Lumen’s inability to perform the Services.
- During onboarding, Customer will provide the required permission access rights to the Customer’s Supported Public Cloud Platform.
- Customer will specifically identify and provide Lumen with access to all relevant Customer-controlled information, resources and locations required to complete this agreement.
- Customer will assign a dedicated, authorized representative who will be available throughout the project, and Customer will keep contact information up to date with Lumen, including email address.
- Customer is responsible for receiving authorization from third-party cloud or hosting providers prior to commencing testing.
- No equipment is included in the Service.
- Lumen will take a “risk based” approach toward assessing the Customer’s in-scope assets, systems, and IPs in the time allotted for the assessment.
- Public Cloud Assets: This test can be performed on Assets that are available on the Supported Public Cloud Platforms and will only be able to access those Assets through whatever boundary protection Customer has in place.
- All in-scope assets can be scanned remotely from a single location.
6. Service Performance
Lumen does not guarantee or warrant that the Services will accurately identify all risks, potential security and/or compliance gaps. Neither Lumen nor its vendor will be liable for any damages which Customer or third parties may incur as a result of Customer’s (i) non-compliance with any standards which apply to Customer, and (ii) reliance upon (or implementation of recommendations from) results, reports, tests, or recommendations related to the Services. Customer’s sole remedy for Service performance claims or dissatisfaction with Services is to terminate these Free Trial Terms.