UK security agencies have launched new guidance for keeping data centers secure. While the guidance is reportedly suited to each company’s individual needs, experienced operators will likely find the information high level and of little use.

The National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) this month issued Data Centre Security Guidance for data center owners and users to inform risk management strategies that suit organizations' individual needs.

– Getty

The NCSC said the guidance sets out a “holistic security strategy” which encourages owners and users to consider how:

  • Location and ownership of a data center can affect who has access to sensitive information or affect strategic operating decisions
  • Cyber threat actors continuously evolve their methodology to breach defenses
  • Strong physical security can mitigate covert and forceful entry to data assets
  • Employees are critical to an effective security culture

“Operators and users of data centers have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk,” said NCSC Technical Director Dr. Ian Levy. “Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data center both physically and digitally. I urge operators and users of data centers to consult this joint guidance and adopt the holistic security strategy it recommends.”

The Head of CPNI said: “Data centers and the data they hold are invaluable to the UK’s economy, security, and prosperity. Threat actors constantly seek to evolve their methods to exploit any weaknesses in data infrastructure security, often concurrently.

“In this period of stark geopolitical uncertainty, there is no better time than now for data center operators and users to read the full guidance and make sure they’re best protected.”

The guidance is broken out into owners and users, but in reality is very high level and unlikely to offer insights for any experienced operator or user.

Advice for operators includes having a risk management strategy, ensuring redundancy and physical security, and providing proper security training for staff. User advice includes ensuring your colo or hosting provider is providing adequate redundancy, physical security, and security training for staff, and asks them to consider the geography of where data is being hosted.

Subscribe to our daily newsletters