National Cyber Security Centre
Joint security guidance offered to data centre operators and users
New guidance from the NCSC and CPNI sets out a holistic security strategy for data centres to the keep the UK's online assets secure.
- The National Cyber Security Centre and the Centre for the Protection of National Infrastructure issue guidance to help UK’s data centres stay secure
- Operators encouraged to adopt a single strategy which unites the physical, personnel and cyber security of data centres
- Users and operators of data centres urged to consider guidance carefully as key aspects of UK life increasingly stored online
DATA CENTRE OPERATORS will for the first time have access to tailor-made advice on how to keep the UK’s online assets secure.
The new guidance from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI) helps users and operators of data centres understand and mitigate potential security vulnerabilities.
Data is one of the UK’s most valuable assets, and it underpins almost all facets of modern life. However, this can make data centres an attractive target for threat actors, both physically and in cyberspace.
The new guidance sets out a holistic security strategy which encourages owners and users to consider how:
- location and ownership of a data centre can affect who has access to sensitive information or affect strategic operating decisions
- cyber threat actors continuously evolve their methodology to breach defences
- strong physical security can mitigate covert and forceful entry to data assets
- employees are critical to an effective security culture
NCSC Technical Director Dr Ian Levy said:
“Operators and users of data centres have a clear responsibility to protect the data that they hold and process – failing to do this poses a massive financial, reputational and, in some cases, national security risk.
“Owning these responsibilities means understanding the array of methods that malicious actors could use to compromise a data centre both physically and digitally.
“I urge operators and users of data centres to consult this joint guidance and adopt the holistic security strategy it recommends.”
The Head of CPNI said:
“Data centres and the data they hold are invaluable to the UK’s economy, security and prosperity. Threat actors constantly seek to evolve their methods to exploit any weaknesses in data infrastructure security, often concurrently.
“To minimise the risk of a breach it is critical that data centre security is viewed holistically with physical, people and cyber security risks considered with other factors such as where in the world infrastructure is located.
“By doing so, data centre owners and users can better safeguard their customer’s data, their business operations and keep the UK’s digital infrastructure running.
“In this period of stark geopolitical uncertainty, there is no better time than now for data centre operators and users to read the full guidance and make sure they’re best protected.”
For more information, users and operators of data centres should visit the CPNI website.
For broader advice on configuring, deploying and using cloud services securely, people can consult the NCSC’s existing cloud security guidance.
Latest News from
National Cyber Security Centre
SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest27/01/2023 11:10:00
Activity against targeted organisations and individuals in the UK and other areas of interest.
UK cyber experts warn of targeted phishing attacks from actors based in Russia and Iran27/01/2023 10:10:00
Advisory highlights techniques used by attackers in spear-phishing campaigns.
Cyber Essentials technical requirements updated for April 202323/01/2023 15:15:00
Part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats.
Charities offered latest insight into key cyber threats to help keep out attackers20/01/2023 13:05:00
Latest report published by the NCSC outlines key threats facing the UK charity sector.
Ukraine cyber defenders in UK for high-level talks19/01/2023 12:15:00
Members of the national Computer Emergency Response Team for Ukraine (CERT-UA) held bilateral talks to discuss the conflict and resilience building.
NCSC announces new joint directors for software security research institute13/01/2023 10:15:00
The National Cyber Security Centre (NCSC) has announced new joint directors for one of its academic research institutes, which specialises in software security and safety.
Organisations helping most vulnerable in society offered free cyber security support09/01/2023 13:05:00
Funded Cyber Essentials Programme offers some small organisations in high-risk sectors free practical support to help put cyber security controls in place.
NCSC reveals top government email impersonation scams taken down in 202230/12/2022 11:20:00
Public encouraged to continue reporting suspicious emails after 6.4 million reports were received in 2022.