The National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) have presented a novel security guidance, which sets out a holistic security strategy for data centres to the ensure the UK’s online assets are protected.
For the first time, data centres in the UK will have access to bespoke security guidance, which details how to keep the UK’s online assets secure.
This novel security guidance, offered by NCSC and CPNI will assist both the users, and operators of data centres, in recognising and alleviating any potential security vulnerabilities.
Data: A valuable asset
Data is one of the most valuable assets that the UK has, and it reinforces nearly all aspects of life in the twenty-first century. However, due to its immeasurable worth in the running of society, data centres pose a tempting target for threat actors both in cyberspace and physically.
The new guidance presents a holistic security strategy which aims to encourage owners and users to consider how:
- locality and ownership of a data centre can impact who can gain entry to delicate information or impact strategic operating decisions;
- cyber threat actors constantly develop their methodology in order to breach defences;
- strong physical security can alleviate covert and forceful entry to data assets; and
- employees are critical to an effective security culture.
NCSC Technical Director Dr Ian Levy commented: “Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk.
“Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally.
“I urge operators and users of data centres to consult this joint guidance and adopt the holistic security strategy it recommends.”
Protecting the UK economy and security
The Head of CPNI added: “Data centres and the data they hold are invaluable to the UK’s economy, security and prosperity. Threat actors constantly seek to evolve their methods to exploit any weaknesses in data infrastructure security, often concurrently.
“To minimise the risk of a breach it is critical that data centre security is viewed holistically with physical, people, and cyber security risks considered with other factors such as where in the world infrastructure is located.
“By doing so, data centre owners and users can better safeguard their customer’s data, their business operations and keep the UK’s digital infrastructure running.
“In this period of stark geopolitical uncertainty, there is no better time than now for data centre operators and users to read the full guidance and make sure they are best protected.”