Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1

        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2

        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services
        Object Storage

        Premium storage without the premium price

        Buy 11:11 Object Storage now
        BUY NOW
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed SASE
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Circuit Management
        • Network Consulting Services
        Network as a Service

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
      • Manage
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
  • Object Storage
  • Cyber Vault for Cohesity
BUY NOW
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Managed SASE
    • Multi Cloud Connect
    • Circuit Management
    • Network Consulting Services
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
    • Manage
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Buy Now
    • Object Storage
    • Cyber Vault for Cohesity
  • Free Trial
Tags: Cloud Services
Author: 11:11 Systems
Date: August 16, 2017

Shared Responsibilities for Cloud Computing: Who Does What in the Cloud? Part Two

On-premises-IaaS

Date: August 16, 2017

Author: 11:11 Systems

Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.

 

In the first part of this blog series, we looked at the cloud service provider side of the shared responsibility stack.

Looking at the rest of the stack, particularly the upper areas where the customer is responsible, it is extremely important to remember that there is no magic pixie dust in a cloud implementation when compared to an on-premises one.

It is vital that customers fully understand what they are getting from the cloud provider in terms of functionality, and, most crucially, what security and compliance features are provided. As part of this, customers need to fully understand what is included as part of a solution and what needs to be purchased separately. This helps prevent “bill creep,” where something looks inexpensive, but hidden costs build up rapidly.

Here are a few questions to ask when considering a cloud solution:

  • Do we need to pay separately to license the operating system or other software, such as middleware and databases?
  • Is anti-virus or anti-malware included? What vendor? What functionality?
  • Are backups included? If so, what retention period? Are these in the same location, or another location?
  • What edge firewalling or networking is provided? What functionality is provided?
  • Can I add additional security controls through third party virtual appliances?
  • What additional security solutions are available?
  • What monitoring solutions are available to measure performance, availability, security, compliance, and usage?

Virtualization

The advent of virtualization and the addition of cloud management platforms, has made it extremely easy for customers in a cloud environment to self-provision virtual machines, storage and virtual networking.Hardware

Some cloud providers use instance or “t-shirt sizes” (small, medium, large) while other providers, such as 11:11 Systems, allow customers to provision VMs of any size and simply bill on the actual consumption of CPU and RAM by using resource pools. These VMs can be resized depending on requirements from week to week. Customers can add or remove CPU and RAM as required.

Similarly, customers are able to provision storage from different storage capabilities, be it disk, SSD or SSD/cache-accelerated.

From a virtual networking perspective, customers can self-provision networks based on VLANs or VXLANs, allowing them to securely share the underlying physical networks. In addition to the public internet, customers have the ability to take advantage of high-speed private networks using MPLS or leased lines to connect back to their on-premises environments.

When architecting a solution to run in the cloud, the same principles you would use on-premises still hold true. It is easy to create a DMZ and then internal networks, which may or may not have access to the Internet, and create firewall and routing rules between the various networks.

Typically, customers will be provided with an edge firewall or router which gives them access to the internet. A self-service interface will allow them to create firewall rules, as well as network address translation in both directions (SNAT and DNAT). Edge gateways can also be used for IPsec site-to-site VPNs, SSL Client VPNs, simple load balancing, etc.

For additional security, other virtual security appliances can be deployed to provide additional functionality. Examples could include: virtual firewalls (deep packet inspection), web application firewalls and complex load balancers.

Cloud Management Platform

While there’s not a box on the diagram listed above that discusses cloud management platforms (CMP), this is where the division between the customer and CSP really happens. Before cloud was a thing, many service providers offered virtualized solutions to customers, but typically, the virtualization was not designed to be multi-tenanted.Console

The advent of cloud management platforms, together with orchestration and automation solutions, has really enabled cloud services as we know them today — providing not just IaaS, but also PaaS and SaaS.

Multi-tenancy is the ability to carve up resources on a shared environment, with (importantly) networking and security services. This provides the economies of scale that cloud delivers, while also ensuring tenants cannot access each other’s services (unless specifically allowed to do so).

Operating System

When deploying virtual machines, cloud service providers will usually provide a catalog of the most recent operating system templates, be they Windows or Linux. It will be the responsibility of the customer to keep these operating systems patched and up to date.

Similarly, it will be up to the customer to determine what, if any, anti-virus or anti-malware solutions the CSP provides are included in the template, or as an optional extra. It is important to note that just being in the cloud does not remove the need for anti-virus solutions. Many CSPs provide these solutions at the hypervisor layer, so scans will not affect the performance of the VM.

Just as important as security software is the need for backups. Even if your CSP provides redundant storage, that is only there to protect against failure in the storage subsystems. It is not there to protect against data loss through accidental deletion, corruption or ransomware. So, check what backup solutions are available, what retention periods, how often they are taken, and where the data will be stored.

Aside from anti-virus/anti-malware, what other security solutions will your CSP provide, and what questions should you be asking about them?

  • File integrity monitoring
    • When were important files changed and by whom?
  • Data loss protection (DLP)
    • Have sensitive files or content been sent or copied elsewhere?
  • Audit logs
    • Who has been doing what within the operating system, middleware or applications?
  • Encryption
    • Are the virtual storage devices encrypted? Who holds the keys? What level of encryption is available?
  • Penetration testing
    • How can you test if your web applications are secure? Can you automatically produce remediation suggestions?
  • Intrusion detection/prevention (IDS/IPS)
    • What facilities are provided to detect or prevent hacking attacks?
  • Web reputation
    • How do you prevent users within the cloud environment from accessing malicious sites?

Middleware/Runtime/Application/Data

It will be the responsibility of the customer to manage and control all aspects of the middleware, runtime, application and data in an IaaS cloud environment.

As discussed earlier, it will be important to ensure the cloud environment is architected to provide the network security and data storage required by the application. As with all IT implementations, this needs to be sufficient for the business’s requirements.

As new data protection legislation comes in, such as GDPR, it will be important to classify the data being stored, and provide sufficient controls to protect the data from malicious access. For example, databases should be hosted on secure, back-end networks. Only the relevant protocols should be allowed access via the firewall, and it may be necessary to further lock down access by source IP address. Data may need to be encrypted. Only database administrators should be allowed access.

Identity and Access Management

 As the name suggests, IAM covers two areas:Cloud

  • Identity: Who is the user? How do we authenticate them — password, alternative challenge?
  • Access: Once authenticated, what are they able to do?

In the case of a cloud management platform, it is important that users only have access to the functions that they need to carry out their job. When experimenting with cloud, it is very easy for new users to do everything from the outset as an administrator or even as the root user. This is not only dangerous but means that it is impossible to track and audit what has been going on. In some cloud environments, it is difficult to retrofit things once everything has been created as an administrator.

In on-premises environments, separation of duties was often mandatory due to the fact that people worked in different departments: compute, network, storage or Windows/Linux. With cloud management platforms, an administrator will usually have access to everything, and that could cause major problems, as have been highlighted in the media recently!

It is a great philosophy to adopt a “least privilege” approach, where a user’s access rights can be elevated for a short time, perhaps on a subset of the environment, in order for them to carry out a set of tasks, and then set back to their normal privilege levels.

In most cloud environments, fine-grained RBAC controls allow for tight management of who can do what, and audit logs clearly show what has been going on.

While there is much talk in the media of using secure and complex passwords, many cloud management platforms will also allow two factor authentication, perhaps involving a username/password as well as a second challenge, such as a code sent to your mobile phone, or a specialist token device such as an RSA key.

The11:11 Systems Philosophy

Having been in cloud infrastructure market for many years (and before it was called that), 11:11’s philosophy has always centered around providing an enterprise cloud experience.We are committed to providing all the enterprise features that customers running environments on-premises have grown to expect.

When working with 11:11 Systems for IaaS, customers can expect:

  • Flexibile pricing 
    • Pay for consumption either on a pay-as-you-go basis with hourly billing, reserve capacity on a monthly basis, or have a mixture of the two (reservation + burst).
    • No “t-shirt sizes.” Just provision as you would have on-premises, and change the sizes when you need to. Using resource pools, 11:11 bills on the actual consumption of CPU and RAM.
    • Windows OS licensing is built into the base price using our Microsoft SPLA.
  • Included backups 
    • Seven-day nightly backups at no extra cost.
    • Self-service VM restoration through the 11:11 Cloud Console.
  • Advanced security
    • Trend Micro Deep Security is built-in for Windows and Linux VMs deployed from the 11:11 catalog, which can also be enabled for self-built or imported VMs.
    • Tenable Nessus web monitoring is automatically enabled on all public IPs allocated to customers, at no extra costs. Detailed remediation reports are produced on all services exposed to the internet via the public IPs.
    • All VMs benefit from encrypted storage using our Nimble flash-accelerated and all-flash arrays at no extra cost. Individual VM encryption is available at extra cost.
  • Fully-featured cloud management console
    • Full self-service functionality with detailed and granular role-based access control through an HMTL5 web console is also available as an Apple and Android app.
  • API integration
    • Tight API integration in the console with VMware vCloud Director and vSphere, backups, disaster recovery, business continuity, and performance reporting with a long history available through our big data repository.
    • API access to all functionality, with support and documentation for several well-known SDKs, as well as presenting the native VMware vCloud Director API.

For more information, please visit 11:11 cloud hosting.

Categories: IaaS, SecurityBy 11:11 SystemsAugust 16, 2017
Tags: Cloud Services
11:11 Systems

Author: 11:11 Systems

11:11 Systems (“11:11”) is a managed infrastructure solutions provider that holistically addresses the challenges of next-generation managed cloud, connectivity and security requirements. 11:11 combines the teams and technology behind market leading, analyst vetted companies like Green Cloud Defense and iland to deliver increased performance, optimization and savings.

Post navigation

PreviousPrevious post:Gartner’s 10 DRaaS Questions: AnsweredNextNext post:Shared Responsibilities for Cloud Computing: Who Does What in the Cloud? Part One

Related Posts

Quick answer: Data is growing faster than most organizations can store or protect it. Falling hardware costs, abundant bandwidth, paperless workflows, and regulatory mandates all fuel this surge. To keep critical data safe and recoverable, many organizations now outsource backup to specialists like 11:11 Systems, which delivers secure, compliant, cost-effective cloud backup. Picture a closet you keep stuffing with all kinds of clutter. You add a few things each week, then a few each day, until the door barely shuts. Now imagine that closet doubles in size every couple of years, on its own. That's roughly what's happening to corporate data, and your backup strategy is the closet trying to hold it all. Knowing why data is growing so fast and the challenges that growth creates for IT teams is part of the ongoing battle. Perhaps an immediate solution is already at your fingertips? Why is corporate data growing so fast? Data is expanding at a rate that's hard to picture. According to Cybercrime Magazine, the world created, captured, and replicated over 200 zettabytes of data in 2025, up from about 64.2 zettabytes in 2020. That's nearly a threefold jump in five years. Here's the catch many people miss: backup data is one of the biggest culprits behind that growth. Every copy, snapshot, and archive adds to the total. Worldwide data production has outpaced worldwide storage capacity, and the gap between what organizations create and what they can store keeps widening. A few years ago, IT teams mostly worried about data protection, encryption, and automation. The picture looks different now. Today, organizations are demanding: • Continuous data protection • Security and compliance • Bare metal recovery (restoring entire servers, including OS, files, and configurations) • Archiving • Deduplication • Reduced backup windows • Faster recovery speeds What's driving the explosion in data growth? Several trends are accelerating the rate at which corporate data piles up. Here are the five main culprits most organizations struggle with. 1. Cheaper hardware This is the obvious starting point. Storage capacity keeps getting cheaper per gigabyte, so there's little incentive to delete anything. When storage feels nearly free, organizations simply keep more of everything. 2. Cheap and abundant bandwidth Internet bandwidth is no longer the bottleneck it once was. That shift fueled the explosion of streaming media, file sharing, and online storage. It also created a duplication problem. If one person shares a 1GB file with 500 colleagues, that's half a terabyte of storage consumed in a single click. Multiply that across an enterprise, and duplicate data becomes a major source of waste. 3. Business is going paperless Email replaced letters. eBooks and tablets nearly replaced printed books. Digital imaging replaced photographs and x-rays. Paperless offices are better for the environment, and they're also more productive, more flexible, and better at extracting value from business data. The trade-off: every digital document is one more thing to store and protect. 4. The growing strategic importance of data Data used to be a tool that supported decisions. Now it sits at the center of corporate strategy. Companies like Google and Meta built their entire business models around the data they own. Information is power, and that power keeps growing, which means organizations hold on to far more of it. 5. Regulatory compliance Even organizations that want to store less often can't. Regulations like HIPAA and GDPR require companies to retain historical archives for years. As those archives grow, storage becomes a serious business problem. Organizations also need fast, cost-efficient search and retrieval to stay ready for an unexpected e-discovery request. What are the ways organizations lose data? As data grows in volume, its value grows too. Consider it a type of currency that has tremendous value both internally and externally. That makes protecting it more important than ever. And there's no shortage of ways to lose it. Cyberattacks of course are now the leading threat. Ransomware attacks remain a top concern, with the average ransomware event costs climbing into $5.1 million (cost includes ransom payments, recovery costs, and indirect costs like loss of trust and reputational damage). Numerous industry reports including a recent study by Infrascale, highlight the most prevalent way organizations lose data. This includes, but certainly is not limited to the following: • Hardware failure: a crashed laptop, server, or mobile device can render files unrecoverable. • Theft: business break-ins still happen, and stolen devices are rarely recovered. • Human error: data gets accidentally deleted or deliberately wiped by a disgruntled employee. Human mistakes remain one of the most common causes of data loss. • Malware and account compromise: malicious software can hijack a system, and cloud storage accounts can be breached through stolen credentials or phishing. • SaaS data gaps: many assume platforms like Microsoft 365 back up everything. They don't fully, which leaves a gap most organizations don't notice until it's too late. The lesson is simple. The more data you hold, the more ways there are to lose it. Why should organizations outsource data backup? Managing explosive data growth in-house is tough. The volume keeps rising, the threats keep evolving, and the compliance bar keeps moving. That's why many organizations choose to outsource backup to specialists who stay ahead of these trends. Outsourcing backup lets your team adapt quickly to changes in both the growth and the nature of your data, while keeping that data safe and available. Choose this route if predictable costs, expert management, and stronger security matter more to you than running everything yourself. How can 11:11 Systems help? 11:11 Systems is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS). 11:11 Cloud Backup delivers integrated, secure, and cost-effective protection for on-premises and cloud data, including Microsoft 365 data, so critical business data gets back online quickly after a loss event. With multiple layers of defense, including security, cloud backup, and air-gapped Insider Protection, 11:11 Secure Cloud Backup helps organizations remove single points of failure. That minimizes both the time and the business impact of data loss. It's an easy, cost-effective cloud solution for all your offsite backup and archiving needs. Back to that overstuffed closet. You can keep cramming clutter in and hope the door holds, or you can bring in a decluttering specialist to help you organize and build a bigger, smarter, safer space that grows as you do. In the same way 11:11 Systems can be that professional home organizer that helps with your growing data. With the right backup strategy, data growth stops being a threat and starts being an asset.
Data Growth Tests Backup Capabilities: How to Keep Up
June 19, 2026
2026 HPE Service Provider Partner of the Year
11:11 Systems Wins 2026 HPE Service Provider Partner of the Year
June 16, 2026
VMware Cloud Foundation: VCF 9 appears over a blue circuit board
The Great VMware Cloud Foundation 9 Translator
May 19, 2026
Network Modernization, NaaS, Networking
Network Modernization for a Secure Enterprise
May 13, 2026
protect your business from AI cyber attacks
How to Protect Your Business From AI Cyberattacks
May 11, 2026
World Password Day 2025
World Password Day 2026: Lock Down Your Enterprise
May 4, 2026
11:11 Systems
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2026 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top