FOR THE first time, Data Centre operators will now have access to tailor-made advice on how to keep the UK’s online assets secure. New guidance issued by the National Cyber Security Centre (NCSC) – itself a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI) is specifically designed to assist users and operators of Data Centres when it comes to understanding and mitigating potential security vulnerabilities.
Data is one of the UK’s most valuable assets. Indeed, it underpins almost all facets of modern life. However, this can make Data Centres an attractive target for threat actors, both physically and in the realm of cyber space.
With this in mind, the new guidance sets out an holistic security strategy which encourages owners and users to consider how:
*location and ownership of a Data Ventre can affect who has access to sensitive information or otherwise affect strategic operating decisions
*cyber threat actors continuously evolve their methodology to breach defences
*strong physical security can mitigate covert and forceful entry to data assets
*employees are critical to an effective security culture
Dr Ian Levy, technical director at the NCSC, said: “Operators and users of Data Centres have a clear responsibility to protect the data that they hold and process. Failing to do this poses a massive financial, reputational and, in some cases, national security risk.”
Levy continued: “Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a Data Centre both physically and digitally. I urge operators and users of Data Centres to consult this joint guidance and adopt the holistic security strategy it recommends.”
Data infrastructure security
The head of CPNI noted: “Data Cntres and the data they hold are invaluable to the UK’s economy, security and prosperity. Threat actors constantly seek to evolve their methods to exploit any weaknesses in data infrastructure security, often concurrently. In order to minimise the risk of a breach, it’s critical that Data Centre security is viewed holistically with physical, people and cyber security risks considered alongside other factors such as where in the world infrastructure is located.”The spokesperson continued: “By doing so, Data Centre owners and users can better safeguard their customer’s data and their business operations and also keep the UK’s digital infrastructure running. In this period of stark geopolitical uncertainty, there’s no better time than now for Data Centre operators and users to read the full guidance and make sure they’re best protected.”
*For more information, end users and operators of Data Centres should visit the CPNI website
**For broader advice on configuring, deploying and using cloud services securely, individuals can consult the NCSC’s existing cloud security guidance
Registration for the UK’s flagship cyber security conference has opened, marking a return to an in-person event following last year’s virtual format. CYBERUK 2022 will be hosted by the NCSC at the ICC Wales in Newport on 10-11 May.
The event has become a key date in the calendar for thought leaders in cyber security and technical professionals from the UK and around the world, with previous conferences taking place in Liverpool (2017), Manchester (2018) and Glasgow (2019).
Building on the success of last year’s virtual event, keynote speeches will also be streamed on the CYBERUK YouTube channel in order to maximise accessibility for all.
This year’s conference will bring together more than 1,500 delegates to discuss measures designed to boost national cyber resilience, including those put in place by the UK Government.
Lindy Cameron, CEO of the NCSC, said: “This year’s CYBERUK is a fantastic opportunity to bring experts across Government, industry and academia together under one roof after a prolonged period of virtual working. Delegates will have access to a range of world-class expertise and compelling sessions discussing how the UK can continue to boost its cyber resilience in the face of today’s cyber threats. We look forward to welcoming a range of experts and hosting the discussions that will share important cyber security thought leadership and insights.”
CYBERUK will feature live keynotes, panels and Q&A sessions delivered by the NCSC and sponsors across four distinct streams of activity.