06 April 2022
Data centre operators will for the first time have access to tailor-made advice on how to keep the UK’s online assets secure, after two security agencies launched new guidance for on risk management strategies that suit organisations’ individual needs.
The new guidance from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI)helps users and operators of data centres understand and mitigate potential security vulnerabilities.
Data is one of the UK’s most valuable assets, and it underpins almost all facets of modern life. However, this can make data centres an attractive target for threat actors, both physically and in cyberspace.
The new guidance sets out a holistic security strategy which encourages owners and users to consider how:
- location and ownership of a data centre can affect who has access to sensitive information or affect strategic operating decisions
- cyber threat actors continuously evolve their methodology to breach defences
- strong physical security can mitigate covert and forceful entry to data assets
- employees are critical to an effective security culture
“Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk,” said NCSC technical director, Ian Levy. “Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally.”
Levy added he urges operators and users of data centres “to consult this joint guidance and adopt the holistic security strategy it recommends”.