Article
Data Centres

NCSC, CPNI offer security guidance to data centre operators

By Sam Steers
March 10, 2022
undefined mins
The National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) have issued guidance on data centre security

Data centre operators will for the first time have access to tailor-made advice on how to keep the UK’s online assets secure.

 New guidance from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI) has been issued to help users and operators of data centres understand and mitigate potential security vulnerabilities.

Both organisations are encouraging data centre operators to adopt a single strategy uniting the physical, personnel and cyber security of data centres

Data centres an “attractive target” for threat actors both physically and in the cyberspace

Data is one of the UK’s most valuable assets, and it underpins almost all facets of modern life. However, this can make data centres an attractive target for threat actors, both physically and in cyberspace.

The new guidance sets out a holistic security strategy which encourages owners and users to consider how location and ownership of a data centre can affect who has access to sensitive information or affect strategic operating decisions; how cyber threat actors continuously evolve their methodology to breach defences; and how strong physical security can mitigate covert and forceful entry to data assets.

It also looks at how employees are critical to an effective security culture. 

NCSC Technical Director Dr Ian Levy said: “Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk.

"Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally.

“I urge operators and users of data centres to consult this joint guidance and adopt the holistic security strategy it recommends.”

The Head of CPNI said: “Data centres and the data they hold are invaluable to the UK’s economy, security and prosperity. Threat actors constantly seek to evolve their methods to exploit any weaknesses in data infrastructure security, often concurrently.

"To minimise the risk of a breach it is critical that data centre security is viewed holistically with physical, people and cyber security risks considered with other factors such as where in the world infrastructure is located.

“By doing so, data centre owners and users can better safeguard their customer’s data, their business operations and keep the UK’s digital infrastructure running. In this period of stark geopolitical uncertainty, there is no better time than now for data centre operators and users to read the full guidance and make sure they’re best protected.”


NCSCCPNIdatacentrescybersecurity
Share
Share

Featured Articles

Vantage Data Centers Expands EMEA Portfolio in Dublin

Vantage Data Centers' new 52MW Dublin campus will help to meet customer demand, fuel Ireland's digital future and power sustainable data centre progress

International Girls in ICT Day 2024 at Xalient

Xalient’s data scientists integrate diverse data sources - but that’s not all. Xalient’s Anne Fox tells us how diverse thinking builds strong data

Anna Pálsdóttir: atNorth’s New Chief Development Officer

atNorth’s data centre portfolio expands with the arrival of Anna Kristín Pálsdóttir, international development expert, to lead continued growth strategy

NTT DATA Celebrates Earth Day with Sustainability Strategies

Critical Environments

Start-up Greensparc Brings Renewable Energy to Rural Areas

Critical Environments

Equinix and PGIM Real Estate aim to Upscale US Data Centres

Hyperscale