UK government opens public consultation on data centre security

A corridor in a blue-hued data centre
(Image credit: Shutterstock)

The UK government has invited the cyber security industry to share its thoughts on how the country can better secure its data centre infrastructure and cloud services.

Experts are especially invited to contribute if they have thoughts on how the security tools used in already-regulated sectors can be applied to securing the nation’s data.

Such tools and protocols included are incident management plans, mandatory notification periods when infrastructure or services are affected, and a requirement for an individual to be personally liable for cyber attacks.

Anyone with strong knowledge in the area is encouraged to contribute to the call for views, but particular expertise from data centre operators, cloud platform providers like AWS and Microsoft Azure, data centre customers, and cyber security professionals would be particularly welcomed.

Willing experts will be asked to clarify what are the current risks to data storage and processing services, and what steps the industry is currently taking to mitigate these threats.

The government will be looking to develop new protections that could join or supplement the existing safeguards afforded by the likes of the Networks and Information Systems (NIS) regulations.

Ultimately, the new provisions will be aimed at safeguarding the economy through the protection of small and medium-sized businesses (SMBs) while keeping the everyday consumer safe from online harms too, the government said.

“Data centres and cloud platforms are a core part of our national infrastructure,” said Julia Lopez, minister of state for media, data, and digital infrastructure. “They power the technology which makes our everyday lives easier and delivers essential services like banking and energy.

“We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyber attacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.”

The government is also looking to understand the different types of data centre customers there are in the UK, and the call for views will be looking for companies that run data centres to provide details of their customer base.

The call for views will be open for eight weeks with the deadline set for midnight on 24 July, after which time the submissions will be reviewed and the government will publish a response.

“The technology sector already plays an important role in strengthening resilience across the UK economy and techUK welcomes the opportunity to engage with Government on these significant issues,” said Julian David, CEO of techUK.

“One particular focus will be how these proposals will align with wider efforts to strengthen resilience across sectors as well as the wider ambitions outlined in the UK’s National Cyber Strategy - which is a continuation of UK Government’s longstanding leadership in cyber security.”

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.