The government has launched a consultation seeking ideas on how to strengthen the security and resilience of UK-located datacentres and public cloud platforms against outages and national security threats.
Recognising that both essential services – including government services – and the wider UK business community are becoming more and more reliant on large-scale data storage and processing services, Westminster is keen to explore the possibility of introducing practices commonly used in other regulated sectors.
These could include compulsory incident management plans, mandated regulatory notifications should an incident occur, and the appointment of a person, board or committee to be held accountable for security and resilience.
The consultation – which is being run through the Department for Digital, Culture, Media and Sport (DCMS) – proposes that any new protections will build on existing safeguards for data infrastructure. These include the Networks and Information Systems (NIS) regulations, which were introduced in 2018 to cover cloud services and are already being updated to reflect the growing importance of supply chain security.
DCMS hopes its plans will give users of such services more confidence and, crucially, help the more than 50% of small businesses that rely on cloud platforms to run their IT to insure themselves against disruption and protect the backbone of the economy.
“Datacentres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy,” said data minister Julia Lopez.
“We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyber attacks, and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.”
The consultation runs until Sunday 24 July 2022, and contributions are being invited from datacentre operators, cloud platform providers, datacentre customers, security and equipment suppliers, and the cyber security community to better understand the risks that data storage and processing services face, as well as what steps they are already taking to address vulnerabilities in their security and resilience.
It will also seek to establish details of the types of customers served by organisations that run, purchase, or rent space in datacentres.
Following this, DCMS will decide whether or not additional government support, management or intervention will be required on the matter.
This work also forms part of the National Data Strategy, which seeks to ensure the security and resilience of the infrastructure on which data resides.