Skip to content
11:11 Systems
Rethink Connected
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • Cloud Console
          Cloud Console
          Compliance
          Compliance

      • Column 2
        • Global Regions
          Cloud Regions
          Catalyst
          Planning and Assessment

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      •  
      • Careers
      • Technology Partners
      • Customer Stories
  • Products & Services
    • Products & Services
      • CLOUD
      • Cloud Overview
      • Public Cloud
      • Private Cloud
      • Object Storage
      • Cloud Labs
      • Colocation/Bare-Metal
      • BACKUP
      • Backup Overview
      • Veeam Backup
      • Microsoft 365 Backup
      • Managed Backup for Cohesity
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS for Veeam
      • DRaaS for Zerto
      • DRaaS for Azure
      • Autopilot
      • SECURITY
      • Security Overview
      • Continuous Risk Scanning
      • Managed SIEM
      • Managed EDR
      • Managed Firewall
      • CONNECTIVITY
      • Connectivity Overview
      • SD-WAN
      • Multi-Cloud Connect
      • Managed IP
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Console Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Cloud Console
    • Compliance
    • Cloud Regions
    • Planning and Assessment
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Colocation/Bare-Metal
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • Autopilot
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • CLOUD CONNECTIVITY
    • Connectivity Overview
    • SD-WAN
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact
  • Console Login
  • Free Trial
Tags: Cloud Services
Author: 11:11 Systems
Date: August 10, 2017

Shared Responsibilities for Cloud Computing: Who Does What in the Cloud? Part One

Cloud Security

Date: August 10, 2017

Author: 11:11 Systems

Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.

 

There have been several articles published recently discussing the shared responsibilities of cloud service providers (CSPs) and customers when it comes to cloud computing.

The lure and mystique of cloud computing sometimes gives customers a false sense of security (no pun intended) that the cloud will auto-magically provide new levels of security for their applications, without them even having to think about it. However, the cynics out there will also remind us that the cloud is just ‘someone else’s computer’ and to a certain extent, that is true.

With cloud computing prevalent for several years now, many will be familiar with the “Pizza as a Service” comparisons that have been bandied around on LinkedIn, Facebook, and Twitter. People are trying to use a pizza analogy of “make it yourself” versus buying it from a take-away or restaurant.

Pizza as a Service

As seen in the example above, this analogy has been used to explain the differences between on-premises IT, and cloud computing offerings from IaaS, PaaS, and SaaS.

Breaking this down further, and more relevant to IT,we see a clear division of responsibilities when it comes to IaaS when compared to on-premises IT.

On-Prenises vs IaaS
In the diagram above, all the main elements are detailed from an on-premises and IaaS perspective. Arguably, there could be another box for “cloud management platform”, and you will find differing versions of the diagram out there.

Virtualization is a key technology that has enabled cloud computing, and cloud management platforms have enabled the self-service capabilities that we now know as cloud from the virtual machine (CPU and RAM) and storage to the complex virtual networking provision.

Data center
Physical Security

Starting at the bottom of the stack, it is worthwhile to spend a moment discussing the physical aspects of cloud computing. With on-premises implementations, the customer would be responsible for everything, including the physical data center or computer room and its security, power, cooling, and networking.

When thinking about cloud, in most cases the cloud service provider will be leasing space from a data center provider, so customers should be asking:

  • Where is the data center? Whose data center is it? Are there several locations?
  • How secure is it? What about perimeter security, CCTV, and entry systems?
  • What industry accreditations does the data center provider have?
  • Can I visit?
  • What provisions are there for power, cooling, and networking?
  • How resilient are all of these things?

Equally, for the cloud service provider:

  • What industry accreditations do you have for your processes and compliance?
    • ISO 27001, ISO 27000, ISO 9001, CSA STAR, HIPAA, GCLOUD, etc
  • What SLAs do you provide around availability, performance and support?
  • Who has access to my cloud environment?
  • Will the data stay in the locations I have selected? Could it be moved or copied elsewhere, perhaps out of the country?

Over the recent years, 11:11 Systems has partnered with world-class data center providers who are not only able to provide excellent facilities, but also have great relationships with telecom providers enabling, easy connection for 11:11 customers if needed.
Compliance

Security and Compliance

Here at 11:11, we take security and compliance very seriously. As we’ll discuss later, most enterprise organizations have built up compliance teams over recent years, especially in the heavily regulated industries, and had to attain certifications or attestations. So, when consuming cloud services, these organizations will need the same levels of compliance and security, but that is often difficult to achieve when working with public cloud providers who are trying to be all things to all people.

Through our cloud console, 11:11 is able to share all our compliance documentation which includes:

  • ISO 27001 for Information Security Management Systems (ISMS)
  • ISO 20000 for IT Service Management
  • ISO 9000 for Quality Management Systems (QMS)
  • SSAE 16/18, SOC 2
  • PCI-DSS (for 11:11 as a business and the cloud infrastructure)
  • NIST 800-53 Security controls for US Federal Systems following FISMA
  • HIPAA/HITECH regarding data privacy and security provisions for safeguarding healthcare data
  • CSA STAR Certification – Gold
  • UK ICO / G-Cloud 9

We are also able to offer on-demand Compliance as a Service and audit control alignment, in order to tailor compliance reporting for individual customers.

In the second part of this blog series, we’ll drill down into the upper section of the stack, the aspects that will be managed by the customer.

Categories: Cloud Compliance, IaaSBy 11:11 SystemsAugust 10, 2017
Tags: Cloud Services
11:11 Systems

Author: 11:11 Systems

Post navigation

PreviousPrevious post:Cisco ASAv: The “v” Makes It BetterNextNext post:Shared Responsibilities for Cloud Computing: Who Does What in the Cloud? Part Two

Related Posts

Preparing for 2023 with 11:11 Systems: IT Trends in Security, Cloud, and More
February 1, 2023
How businesses can respond to IT disruptions during the holiday season
How businesses can respond to IT disruptions during the holiday season
January 4, 2023
How secure are you?
November 17, 2022
Celebrating Get To Know Your Customers Day
October 20, 2022
What Our Customers Have to Say About 2022’s Most Pressing Cloud Challenges
June 10, 2022
Lord of the Rings, World Password Day, and the keys to well-rounded data security
May 5, 2021
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Connectivity Solutions
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2023 11:11 Systems Inc., All Rights Reserved | Privacy Notice

Go to Top
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information that allows us to process data such as browsing behavior. Not consenting or withdrawing consent, may adversely affect certain features and functions. By clicking Accept, closing this message, or continuing to browse, you consent to these technologies and accept our Privacy Notice.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}