11:11 Systems is showing customers what cyber resiliency really means

11:11 Systems is a Managed Infrastructure Solutions Provider (MISP) with data centres in the US, Europe and Asia. Recently, the company has been talking about its focus on Cyber Resiliency. It is part of the security pillar, along with cloud and connectivity, on which the company has built its product portfolio.

Justin Giardina, Chief Technology Officer of 11:11 Systems, recently visited London. It was an opportunity for Enterprise Times editor Ian Murphy to ask him about cyber resiliency and how it is helping their customers become more resilient to attack.

What is cyber resiliency?

Ask organisations about what cyber resiliency means to them, and you’ll get a multitude of answers. Some think it’s disaster recovery mixed in with anti-ransomware technology. Others see it as part of their incident response, while another group sees it as another sales pitch from security vendors.

Justin Giardina, Chief Technology Officer of 11:11 Systems (Image Credit: 11:11 Systems)

Giardina commented, “A lot of times, people will focus on the cybersecurity component from cyber resiliency. We have our category, which is disaster recovery, backup, cleanroom and things like that. What we present is what we call pods. There are eight different pods that talk about the various features that are needed for a successful cyber resiliency programme.

“Things like endpoint protection from the security, backup disaster recovery and multifactor authentication. Each little feature has a subset in the pod. We also say that for cyber resilience, this is the framework that we offer. We talk to customers to fill in the holes at all levels. Maybe you already have an XDR solution, and we come in and help with parts six and seven.”

Listening to Giardina talk, it is clear that while the company is a MISP, its engagement with enterprises is more that of a partner than a supplier. From a corporate perspective, that makes a difference. It means that customers are not expecting to be sold to all the time, which changes the relationship. Hopefully, for many, it means a change in how they see cyber resiliency.

Are organisations doing better cyber resiliency planning?

Organisations are suffering from staff and skills shortages across their entire IT portfolio. From a security perspective, this leads to a lack of planning for cyber resiliency.

Giardina sees companies looking for solutions rather than having to plan. He points out that they either go for something like CrowdStrike or they spend more on backup and recovery. What he does not see are organisations assessing how the tools they have, and are buying, will work together. It also shows that companies are still focused on hardening the perimeter rather than on how to deal with an incident.

So, how should companies look to mitigate the impact of an attack? What processes do they need, and how many realise this is much more than reputation management?

11:11 Systems works with Trend Micro to harden customer systems, according to Giardina. He commented, “Trend Micro has a product called Vision One. It does a very good job of connecting the dots. So you could call a cyber-attack something like a complete DDoS, and the whole company is down. That is not usually the case with our customer base. It is often an email-based phishing attack where someone clicks on a link.

“We are able to show the customer what the attack vector looks like. We are also able to recover from a cyber-attack using the tools we already talked about. If a single user is infected, it might mean replacing the laptop rather than going into a fully-fledged DR mode.”

Recovery requires an understanding of assets

Being able to selectively recover from an attack is a far less disruptive response than a complete DR process. However, that level of finesse is far from simple for many businesses. It also depends on where their infrastructure is held, especially from a cloud perspective.

For example, an SME with a hosting company often relies on that provider to back up their systems. However, restoring systems comes with its own challenges. The hosting provider often does a backup of multiple sites at the same time. Getting a restore scheduled is not a simple process, if it is possible at all.

Google, AWS and Azure all use a shared security model. Even with large companies, that breaks down. Companies often don’t understand how it works or don’t put the right processes in place. For SMEs, the situation is worse because they have to rely on that partner or provider.

Giardina says that the problem has been asset sprawl for a lot of companies and that brings its own challenges. He said, “It all depends on the maturity of the organisation. Sometimes, people will house all their infrastructure with us, and it’s a little bit easier to control or to do that.

“In some types of large enterprises, not only do you have the sprawl, but you have internal teams sprawl where that team doesn’t know what that team is doing. They may be doing the same thing insecurely. It’s really all over the map.

“That’s where our consulting team comes in. We do analysis; we can do Application Mapping; we can interview people and when we get started to develop that blueprint. Not only is it a process to get started, it’s a process to maintain. That’s usually our message to the customer. We don’t try to sell them on a silver bullet.”

Is SaaS an issue?

Enterprises can track their assets through an asset register when they own them and have a proper process. The issue with SaaS is that the enterprise doesn’t own the asset. IT doesn’t even know about the asset a lot of the time because it is not owned by them. Yet, that asset is still accessing and even storing corporate data.

This opens up a serious compliance challenge for organisations. If they cannot track what is using data, where it is using it and where it is storing it, they cannot be compliant. At that point, organisations run the risk of significant fines and even data loss or a breach. How does 11:11 Systems deal with that?

According to Giardina, “We have ways to do application discovery with DNS, monitoring and other things. We can show the customer what they’re using. But I’d also argue that there are other things on top of it, like if you use single sign-on and that breaks, guess what? Nothing works. So it’s a lot of education.”

Part of the challenge that Giardina identified is the belief that once something is in the cloud, it is immune to a lot of issues. Unfortunately, if someone like AWS has an outage, it impacts SaaS apps hosted in that region if they are not designed to fail over elsewhere.

Giardina sees this as part of that education. Show the customer what they are using and identify the risks associated with it. It allows customers to understand cyber resilience.

Importantly, he also added, “There’s no silver bullet. There are solutions that backup Salesforce and there are solutions that backup 365. Is there one solution that does it all? It’s part of the resiliency programme, how we identify those things and work with the customer. And every customer is unique.”

Data resiliency is critical when it is shared across apps

It is rare for a piece of data to be unique to a single app. Today, most organisations are busy breaking down data silos and sharing data across tens, if not hundreds, of apps. But what happens if that data is no longer available? This is a nightmare scenario for support teams because each app team will be focused on its own outage and may not realise it is a shared problem.

Giardina says that 11:11 Systems already uses Cassandra, a distributed database, on their cloud platform. It means that they have built in a degree of resilience, but if the database does go down, it impacts everything.

He believes that application discovery is key to managing this. Part of that discovery process should show what data sources those applications are reliant upon. While that doesn’t make them more resilient to the loss of the underlying data, it does significantly reduce the support problem.

It also allows 11:11 Systems to have a conversation with the customer about how to better protect the data. What technology is needed? How do you identify the risks from a data outage? The more points of data an app is using, the more complex it is to make that app resilient. But showing customers the problem gives them an opportunity to develop a way to be more resilient to any form of outage.

Enterprise Times: What does this mean?

It is all too easy for organisations to think that they can recover from a cyber-attack. They know they have trusted backups and they have plenty of cybersecurity tools. The problem for many is that they don’t have a unified strategy that understands, at both a macro and a granular level, how to recover from an attack.

What 11:11 Systems is focused on with its cyber resiliency approach is the education of customers. What is their application landscape, and what are the risks to it? Where is data stored? How is that data used, and by what applications? How resilient is that data, and what happens to apps when it is no longer available? What other assets do you have? How granular is your backup and restore capability?

All of these are questions that it is reasonable to think any enterprise can answer. However, no matter how large or small, much of this is hidden from IT, especially when it comes to cloud and SaaS.

To get around this, 11:11 Systems has become much more than a Managed Infrastructure Service Provider. It has become a consulting organisation and partner to many of its customers. That gives it a unique view of the problems its customers face.
