The National Cyber Security Centre (NCSC) and the Centre for Protection of National Infrastructure (CPNI) have issued new guidance on a holistic security strategy for data centres.
They have encouraged operators to bring together the physical, personnel and cyber security practices into a single strategy.
The guidance, which is categorised into key considerations for owners and users, urges them to look at how the location and ownership of a data centre can affect who has access to sensitive information or affect strategic operating decisions.
It also emphasises the importance how cyber threat actors continuously evolve their methodology to breach defences, that strong physical security can mitigate covert and foreful entry to data assets, and that employees are critical to an effective security culture.
Responsibility to protect
Dr Ian Levy, technical director at NCSC, said: “Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk.
“Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally.
“I urge operators and users of data centres to consult this joint guidance and adopt the holistic security strategy it recommends.”
The (unnamed) head of CPNI said: “To minimise the risk of a breach it is critical that data centre security is viewed holistically with physical, people and cyber security risks considered with other factors such as where in the world infrastructure is located.
“By doing so, data centre owners and users can better safeguard their customer’s data, their business operations and keep the UK’s digital infrastructure running.”