Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2
        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services

        Infrastructure as a Service

        Take a 30-day free trial of 11:11 Cloud.

        Cloud hosting built for your business.
        START FREE TRIAL
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Network Consulting Services
        Connectivity Services

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Free Trial
Tags: Cloud Services
Author: 11:11 Systems
Date: May 3, 2018

Cloud Security: Getting the Balance Right

Cloud SecurityEditor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.

In their report “CISO Playbook: How to Retain the Right Kinds of Control in the Cloud,”* Gartner addresses the need for security and risk management leaders to embrace a new mindset when moving to the cloud. In the playbook, Gartner highlights a number of recommendations across identity and access management, encryption, demonstrating governance and compliance and measuring cloud service provider SLAs. We’ll cover how 11:11 Systems helps customers address each of these areas in this blog.

With over a decade of experience helping customers adopt cloud computing across IaaS, DRaaS, and cloud backup use cases, we have witnessed the evolution of customer concerns about cloud security first-hand. In response, we’ve adapted our cloud platform and services to meet these everchanging customer priorities.

Who takes responsibility for cloud security?

IT teams are all too familiar with managing the resources that make up their IT infrastructures, from the buildings they are housed in, to the electricity and cooling supply, through to the server, and all the way down to the storage and networking infrastructure. Gartner makes the analogy that moving to the cloud is a bit like driving your own car on a journey as compared to being flown somewhere in a plane. You are relinquishing control of the maintenance and driving of the car to the flight crew of a plane. Whereas you might check the oil, tires, and windshield washer fluid on your car once in a blue moon, the plane will be checked rigorously every flight.

Much like the flight crew on a plane, 11:11 has included all the security features that on-premises environments have built up over time in our 11:11 Cloud Console. This includes best-of-breed edge firewalling, load balancing and VPN capabilities, as well as anti-virus/anti-malware, intrusion detection, vulnerability scanning, log inspection, file integrity monitoring, and suggested remediation for security issues.

Another observation Gartner makes in the report is that with the advent of distributed systems networking, we are no longer responsible for (or concerned with) the physical aspects of wide-area networking. We believe this is where the first concept of a “cloud” came from the field of networking. You are no longer concerned with how traffic gets from A to B from a physical networking and cabling perspective, you are just concerned about the fact that it does in a suitable period of time.

This idea extends nicely to cloud computing where you no longer have to worry about physical infrastructure lifecycles: servers, storage, local area networking, power, UPS, cooling, or rack space. You are just consuming resources.

This then brings us to the concepts of the shared responsibility model of cloud computing. Where is the demarcation line between different layers of cloud infrastructure? In the on-premises world, IT departments are responsible for the entire IT stack. In the “as a service” world, service providers become responsible for different aspects of the stack as you move from IaaS, to PaaS, and to SaaS – leaving the customers with SLAs covering the various service offerings.

Identity and Access Management

With the new shared responsibilities in the cloud, it is extremely important, as Gartner recommends in the report, to instill an effective Identity and Access Management (IAM) strategy. The 11:11 experience is that, in cloud environments, it is so easy for people to simply all log in as “root” or “administrator” and have access to all aspects of the platform. We’ve found that this can be dangerous for a number of reasons:

  • While everyone can create stuff, they can also change or delete it.
  • There is no real audit capability when everything is done by the same user name.
  • If the password falls into the wrong hands, bad things will happen.

It is fine if someone wants to do some short-term testing of a cloud platform and needs to be unhindered in their capabilities. However, it is far better (and safer) to start with a “least privilege” methodology. In this way, individual users are given just enough privileges or capabilities appropriate for their role. If they need additional capabilities, these can be added for a short time and then removed again unless it can be shown that they need to keep those additional privileges. Everything they do will be audited with their user name. Clearly, this strategy will apply to the different capabilities or functionalities provided by the cloud platform.

It is also important to apply the IAM strategy on the cloud platform and the applications and services that the cloud platform is presenting to the outside world. A simple example might be email.

  • The email server might be running within a virtual machine on the cloud platform. Its storage and networking might be administered by a cloud platform administrator with a particular set of permissions. Additionally, the email application might be accessed over the internet, so the edge firewall settings to allow access to the email application will also need to be administered.
  • The email application itself, running inside the virtual machine, will be managed using another set of permissions. This might also include a database.
  • At the highest level, users will be accessing the email server from their email client on a desktop or phone using their own credentials.

Encryption

Aside from identity and access management, the topic of encryption of data at rest and in transit is often seen as yet another way to secure, segregate, and isolate data on a public cloud platform. It is highly unlikely that anyone would be able to break into a public cloud data center and physically steal a disk drive containing your data, even if they could find the actual drives that your data resides on.

However, it is highly recommended to consider using encryption in the following areas:

  • Data at rest – is the storage encrypted at rest to mitigate against physical data theft?
  • If using virtual machines, can the virtual disks be encrypted? Who holds the private keys?
  • Encrypt data in transit between application and user at a minimum, perhaps using HTTPS/TLS.
  • Site-to-site VPNs should use strong encryption.
  • Consider the use of encryption in database applications.

Monitoring and Instrumentation

As discussed earlier, in addition to implementing a strong IAM strategy, it is equally important to enable logging for auditing purposes. Who did what to what and when?

In a global cloud strategy, the question of location can also come in. Particular users might only be allowed access to certain locations for data sovereignty control purposes.

Monitoring the cloud infrastructure is also important to ensure rapid alerting and diagnosing of issues, including:

  • Monitoring performance statistics within the VMs or PaaS applications running
  • Monitoring of network components, such as firewalls, routers, and load balancers
  • Logging of user logins, failed attempts, firewall issues, intrusion detection

To enable this, 11:11 has taken advantage of the rich APIs offered by our technology partners including, VMware, TrendMicro, Tenable, Zerto, and Veeam, to surface relevant monitoring information into the 11:11 Cloud Console, via a market-leading Cassandra database. Not only is real-time information available but data can be retrieved and viewed for up to a year. A higher-level API makes this information available to authenticated and authorized external users.

Adherence to Compliance Regulations:

Here at 11:11, we have always focused on delivering secure and compliant cloud services to our customers. In addition to providing all the security features that businesses have been used to in their on-premises environments, we have also led the way in terms of compliance and certification to relevant industry best practices and emerging standards.

Additionally, as customers continue to face an increasingly regulated environment, 11:11 has established an in-house certified compliance team to work with customers to provide documentation and expert compliance assistance to fulfill audit requirements across the US, EMEA, and APAC.

Contracts and Service Level Agreements (SLAs)

The final recommendation is around cloud service provider contracts and SLAs. As with any commercial agreement, there will be contracts, master service agreements, and the SLAs within them to understand and contract to.

Many CSPs, especially the hyperscale providers, can be extremely rigid with their SLAs and can be very inflexible when asked to change them. Where do they stand on different aspects of compliance? Are they able to share their certifications and attestations? How flexible are they with their SLAs on subjects such as availability? Will they pay out service credits if service is not available according to the SLA?

In a previous blog article, we’ve discussed how 11:11 delivers a 100 percent availability guarantee backed by service credits and how we use the features of a VMware-based cloud platform to achieve this with cloud-to-cloud DR for additional resiliency.

To summarize, with security risks and compliance regulations only increasing along with the adoption of cloud services, it’s important to understand shared responsibility with regard to cloud security. Striking the right balance between relinquishing and maintaining control in the cloud will enable your business to securely leverage the many benefits of cloud services.

*Gartner, “CISO Playbook: How to Retain the Right Kinds of Control in the Cloud,” Steve Riley, 21 March 2017.

Categories: IaaS, SecurityBy 11:11 SystemsMay 3, 2018
Tags: Cloud Services
11:11 Systems

Author: 11:11 Systems

11:11 Systems (“11:11”) is a managed infrastructure solutions provider that holistically addresses the challenges of next-generation managed cloud, connectivity and security requirements. 11:11 combines the teams and technology behind market leading, analyst vetted companies like Green Cloud Defense and iland to deliver increased performance, optimization and savings.

Post navigation

PreviousPrevious post:DRaaS with Veeam – The Veeam NEA and Failing OverNextNext post:Advocating for Disaster Recovery in Your IT Budget Planning

Related Posts

Digital Operational Resilience Act (DORA)
Helping the Financial Sector Deliver Secure and Modern Infrastructure through Regulation
July 10, 2025
vulnerability management
A Modern Approach to Managing Vulnerabilities
May 30, 2025
Cyber Resilience
Data Protection vs. Cyber Resilience: Mastering Both in the Complex World of Gambling
May 27, 2025
Elevated Cloud Backups With 11:11 Systems
May 19, 2025
Cost Optimization: DRaaS to IaaS
Cloud Smart: From DRaaS to IaaS  
May 16, 2025
effective passwords
Creating Effective Password Policies in Your Organization
May 5, 2025
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2025 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top