DCMS opens public consultation on cloud and data centre security

The aim is to better understand the threats that data centre and cloud services face

The Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation to gather feedback on ways to improve the security and resilience of UK data centres and online cloud platforms.

Experts are invited to participate in the consultation if they have ideas on how security techniques employed in already-regulated areas might be used to safeguarding the nation's data.

Examples of such tools and practices include incident management plans, mandatory notice periods when infrastructure or services are impacted, and a need for an individual, board, or committee to be personally accountable for security and resilience.

To better understand the threats that data centre and cloud services face, the DCMS is specifically looking for input from data centre operators and clients, cloud service providers, security and equipment vendors, and cybersecurity experts.

It's also looking for information on what efforts are being taken now to address security and resilience issues.

Companies who operate, buy, or rent any element of a data centre will also be asked to provide information on the sorts of clients they serve.

Based on the feedback, the DCMS says it will assess if any additional government assistance is required to minimise risk to data storage and processing infrastructure.

Any additional safeguards for data infrastructure, according to the consultation, would be built on the top of current safeguards.

This includes the Networks and Information Systems (NIS) regulations, which were adopted in 2018 to encompass cloud services and are now being amended to reflect the growing significance of supply chain security.

DCMS anticipates that its initiatives will instil more trust in the users of such services and, more importantly, will assist small companies who depend on cloud platforms to avoid disruption, protecting the economy's backbone.

According to figures from the Office for National Statistics, the number of organisations using cloud computing services to store their data more than doubled between 2013 and 2019, with 53% of enterprises now using cloud platforms.

This latest move is part of the government's National Data Strategy, which aims to secure the resilience of the IT infrastructure.

"Data centres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy," said data minister Julia Lopez.

"We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyber attacks, and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands."

Adam Bradshaw, commercial director of ServerChoice, commented: "It is great to see the government recognising the importance of data centres in underpinning the nation's digital presence. Data centres are often the unsung hero of the digital economy, upholding vast swathes of Britain's online function."

"Sharing industry expertise to the government is commendable, but providers also need to be taking their own steps. With so many critical threats, regular assessments of disaster recovery plans, supply chain robustness and power backups are a necessity, as well as keeping abreast of the latest cybersecurity threats. Businesses and consumers across the country are relying on responsible data centre providers to do so."

Join us at the CyberSecurity Festival 2022, taking place across 3 days in June, where we will come together to learn, collaborate and tackle the biggest technology security challenges. Find out more and register for free