A leading UK security agency has released new guidance for data center owners and users on how to safeguard customer data and operations better as geopolitical uncertainty intensifies.
The National Cyber Security Centre (NCSC), an offshoot of GCHQ, compiled the new report in collaboration with the country’s Centre for the Protection of National Infrastructure (CPNI).
That hints at the strategic importance of datacenters to critical infrastructure today and how attractive a target they are for physical and cyber-threat actors.
Data center senior leaders should take a risk-based approach to security, mindful that attacks could not only be aimed at “acquiring or degrading data” but could also be destructive in nature, the report warned.
That’s especially significant in light of the recent use of wiper malware in Ukraine.
The report lists several modern data center elements that need to be considered, including the physical perimeter and buildings, the data hall, “meet-me” rooms, the supply chain, and insider risk.
“Datacenter owners should assume that a cyber compromise is inevitable, take steps to detect intrusions and minimize their impact and take preventative cybersecurity measures,” it advises.
“Organizations should ensure that good cybersecurity is built into their systems and services from the outset and that those systems and services can be updated to adapt effectively to emerging threats.”
The head of the CPNI, which is part of security service MI5, argued that datacenter security must work to mitigate physical, human and cyber-related risk to minimize the chances of a breach occurring.
“By doing so, datacenter owners and users can better safeguard their customer’s data, their business operations and keep the UK’s digital infrastructure running,” they added.
“In this period of stark geopolitical uncertainty, there is no better time than now for datacenter operators and users to read the full guidance and make sure they’re best protected.”