11:11 CLOUD
SECURITY

Multi-layered, integrated security is
a part of our DNA.

11:11 Systems Security

Defend against cyberthreats.

Every 11 seconds, cyber criminals attack another business. Security has to be at the top of your mind, whether you’re addressing it head on, or by shoring up your defenses through likely intrusion points.

For 11:11 Systems, security is never an afterthought for us. It’s a foundation for what we do, with multiple layers of defense built into our solutions, and physical, logical, process, and industry-based accreditation to document our claims.

This is also why 11:11 focus on security throughout everything we do.

  • Our Managed Security Services help you identify threats, and then protect, detect, respond, and recover from them, if needed.
  • 11:11 Managed Connectivity solutions are optimized to address modern security requirements while helping you to transform your network.
  • Our multi-award-winning, state of the art cloud solutions – including modern data protection, disaster recovery, and cyber recovery – have many layers of built-in security.

Security has always been a part of 11:11 Systems.

As internal and external threats evolve, so too does our platform approach to protecting data. 11:11 provides the highest levels of security and features available today, integrated with our services, and ready to adapt to your ever-increasing security requirements.

11:11 Systems Security

Physical
Still the first layer of defense for the most common security
threats.

Process
Regular training, established controls, and security-first
standard operating procedure.

Logical
The critical layer when it comes to complete workload and
data security from internal and external threats.

Accreditation and certification
Competency of methods and capabilities through ongoing
accreditation and certification.

Securing the epicenter of customer data.

The business protection of disaster recovery, but without all the cost overhead of other providers. iland Secure
DRaaS Secure Disaster Recovery with Veeam pricing is based on the storage needed for your environment with burst capacity always available.

Monitoring

  • Strict adherence to the Uptime Institute’s Tier III/IV standards including CCTV cameras monitoring each property 24/7/365.
  • Professional security teams (also 24/7/365) with regularly scheduled patrols around the site.

Access

  • Access to all facilities is controlled via an approved access list via photo and biometrics linked to an access card.

Environmental

  • Key environmental elements such as power, cooling and fire suppression are also secured.
  • Power is provided via enterprise grade uninterruptible power supplies (UPS), which are backed by fuel-driven generators.
  • All facilities carry enough fuel to operate for 24 hours in the event of a power failure with contracts in place for the continued supply of fuel.
  • Cooling is provided by industrial grade chiller units in an N+1 configuration.
  • Fire suppression is delivered via units that emit an inert gas (as opposed to sprinkler based systems) which is
    non-damaging to any electrical equipment and enables systems to remain online in the event the suppression is
    triggered.

Combining hardware, software, and technical configurations designed to control data access

Logical security refers to the various (and numerous) layers of technology that create a secure and stable foundation for all services and customers. In reference to layers, logical security is applied at the network, storage and hypervisor layers.

Our position is to provide as much security as possible within 11:11’s areas of responsibility.

Network

  • At the edge of the network, each customer has at least one virtual firewall implemented as standard; this virtual firewall provides SSL VPN termination, layer four traffic filtering and more.
  • At the network layer, every 11:11 customer is isolated and unique; no two network segments (behind the customer’s firewall) overlap or interact in any way.

Storage

  • Customer-facing storage is only visible by using logical segmentation concepts such as zoning, volumes, and Logical Unit Numbers (LUNs).
  • All storage within 11:11’s Cloud platform is encrypted-at-rest by default without any customer intervention required.

Hypervisor

  • Logical segmentation is implemented to avoid problems with contention, often known as “noisy neighbor.”
  • Hypervisor based security is made possible by industry-leading VMware NSX and Trend Micro Deep Security. Combined solution includes anti-malware, firewall, intrusion detection/prevention (IDS/IPS), web application protection, and integrity monitoring.
  • All these capabilities are built into the 11:11 Cloud platform by default.

Your data security is only as effective as those trained to manage it

No security solution, whether physical or logical (i.e. technology), is effective without trained and experienced people. If the people managing the system don’t understand or know how to work within the controls established to protect the various systems, the solution will fail.

  • Security processes begin before an employee even joins 11:11; all potential employees undergo a full background check before commencing employment.
  • Once employed at 11:11, all staff undergo security and compliance training as a part of their onboarding process.
  • This training is conducted at least once every six months for the duration of that individual’s employment with 11:11.
  • All our systems are operated with a Zero Trust/least-privileged model. This means we enforce “access denied,” unless required otherwise.
  • Access is granted, over an RBAC (role-based access control) model, providing specific individuals access based on their function. In addition to RBAC, privileged accounts are configured to operate with two-factor authentication (2FA). This is an elevated level of authorization required to access critical systems across 11:11’s infrastructure.
  • All employees are subject to regular access reviews to determine and ensure they still need access after changing teams or departments.

More general process orientated (i.e. non-user specific) security activities include:

  • Annual penetration testing against 11:11 infrastructure and regular patching schedules for all systems run by 11:11.
  • A documented company process details how and when 11:11 conducts patching of systems, including expedited patching for critical security updates released by 11:11’s vendors.

Competency through accreditation and certification

Taking into consideration all the security capabilities and attributes 11:11 provides from physical security to technology and processes, independent validation of the company’s efforts is still a cornerstone of our commitment to customers.

As an organization, we understand many organizations require certification and accreditation from their IT providers. Today, we adhere to the following frameworks and standards:

11:11 Systems Accreditations

Webinar: Want to improve your cybersecurity?
How to create a multi-layered approach.

Take control of your data security.

With the right combination of deep, integrated security features and capabilities, you can get ahead of internal and external cyberthreats and know you are prepared for the worst case scenarios.

11:11 Systems Security

Special features and capabilities:

Built-in cloud vulnerability scanning service performs periodic penetration testing of your cloud environment, ensuring that web servers and networks are not vulnerable to attack. In addition:

  • Reports of these scans are available through our console to all customers of the 11:11 Cloud platform.
  • Customized security alerting gives individual users the ability to set alerts to receive notifications in the console if a security scan detects a vulnerability in their environment.
  • Alerts can be customized for different risk factors and users can enable many alerts for different security settings through the console including:
    • Anti-malware
    • Computer issues (reboots and clock changes)
    • Firewall
    • Integrity monitoring
    • Intrusion prevention and detection
    • Log inspection
    • Web reputation
11:11 Systems Security Features

11:11 offers two levels of encryption on the 11:11 Cloud platform:

  • Natively, data is encrypted at rest.
  • For customers interested in VM encryption, we offer that capability using Hytrust. This can be selected on a per VM or per volume basis.
  • Both come with integrated encryption reports, to fulfill the needs of security and regulatory audits.
  • Customers can also achieve encryption in flight (in and out of the 11:11 Cloud) via integrated NSX firewall that provides multiple VPN options for traffic encryption.

11:11 Cloud has integrated malware and antivirus detection. We perform file scans, smart scans and real-time scans both on Linux and Windows systems.

Our Deep Packet Inspection checks all traffic to and from VMs, enabling 11:11 to provide:

  • Intrusion detection and prevention
  • Web application protection from black-list sites, app-layer attacks, SQL injections and cross-site scripting
  • Application controls providing visibility into applications accessing the network

Reports covering the details of the attackers, timing, and targets are available on-demand through the 11:11 Cloud Console.

Identity Access Management (IAM) includes user management and a Console permissions structure. IAM provides:

  • Granular role-based access and flexibility in setting up permissions to your 11:11 Cloud environments.
  • Easy management of all Console users within your company for maximum security in your cloud.
  • Completely customizable permission controls to help ensure users are only able to interact with your environment the way you choose, down to a very granular level.

Whether accessing files on the road, or providing a distributed workforce access to data during a disaster recovery event, 11:11’s free integrated site-to-site and SSL VPN offers:

  • Secure access to your cloud resources, no matter where you are
  • Wizard-driven configuration and management

11:11 also offers the Cisco security virtual appliances in a variety of configurations for customers standardizing on Cisco technology, or those who require more granular controls over their network configurations. Alternatively, you can use your own VPN appliance, physical or virtual.

We include two-factor authentication with all our services to ensure the security of your cloud environment, and to meet security and compliance requirements across many industries.

  • Secure access to your cloud resources, no matter where you are
  • Wizard-driven configuration and management

11:11 also offers the Cisco security virtual appliances in a variety of configurations for customers standardizing on Cisco technology, or those who require more granular controls over their network configurations. Alternatively, you can use your own VPN appliance, physical or virtual.

Additional layers of security include:

  • Log Analysis: Ongoing collection and analysis of log files to identify security events across the environment.
    Firewall Events: Continuous inspection of VM traffic, enabling policies that block suspicious activity.
  • Integrity Monitoring: Daily scans monitor critical OS and application files for suspicious behavior, including changes to key attributes, registry keys, contents, and access control lists.
  • Web Reputation Monitoring: Armed with an industry-leading black-list, 11:11 can block users from accessing malicious sites.

Customer Spotlight

“In this business, the number and type of cyberattacks are creating headaches for everybody. We are convinced it’s important to have this level of safety”

–Peter Kaufmann. Vice President Global IT, Bachem

Bachem

SIGN UP FOR A
DEMO TODAY

Available in all geographies that 11:11 Systems operates.

Designed to meet your unique, global business requirements.

11:11 Systems’ data centers meet the highest standards for security, compliance, and performance. With global availability, consistent infrastructure design, and unparalleled scale and flexibility, our cloud regions will be ready to support your changing business needs.