The UK Government are introducing new rules for data centres to try to regulate and enforce better cyber security practices.
The new consultation document 'Protecting and enhancing the security and resilience of UK data infrastructure' has been published online with the government currently collecting feedback on it.
These proposals suggest that data centre providers will now have a “duty to take appropriate and proportionate technical and organisational measures” to improve the security of there sites and reduce risks against the data centre.
Data centre providers would be required to sign up with new regulators and provide information related to operations and incidents as well as maintain a baseline around measures.
Intervention from the government has come off the back of criticism against existing data centre regulators with claims that current regulation provides insuffient security and that securing these centres is vital given their national importance.
“The criticality of data centres to our economy means that the national harm resulting from significant security or resilience shocks could be far greater than commercial harm to any one operator, and thus commercial drivers are not sufficient to drive the level of security/resilience standards required in the national interest,” a Government spokesperson claimed.
The Consultation closes next month, with the government looking for feedback specifically from data centre operators, data centre land and facility owners, cloud platform providers, managed service providers, customers and suppliers of data centres and independent/academic experts within the sector.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).