Data centres are physical facilities that house the routers, switchers and servers that are essential for communication, operation of critical infrastructure, and storage of confidential information. They often interface with multiple other data centres as well as the cloud – itself a collection of data centres – and are complex and highly automated.
Yet the sophisticated features of data centres, such as power supply and cooling systems, as well as various smart, connected devices used for security and surveillance, environmental monitoring and control, can be exploited as vulnerabilities without proper protection from cyber threats. Cybersecurity breaches can have large-scale and far-reaching consequences well beyond the scope and scale of a facility itself, affecting a company’s bottom line, reputation and, in some cases, leading to legal action.
Cyber threats are ever-evolving – cyber criminals are becoming savvier about how to infiltrate and disrupt. Phishing, malware and Distributed Denial of Service attacks are more frequent than ever before. This leaves data centres – including the physical infrastructure like servers and storage – in a potentially vulnerable position.
A high-profile example of the vulnerability of physical infrastructure was the suicide bombing near an AT&T facility that took place in Nashville in late 2020. The explosion damaged surrounding structures and caused telephone and internet outages, including disruption to emergency and first responder communications infrastructure that, in some instances, impacted centres for over a week.
Additionally, because of the significant damage to the building, two water main breaks caused flooding to their onsite generators, leading to further outages, and complicating recovery efforts. The cascading nature of the disruptions highlights the importance of understanding system interdependencies in complex facilities such as data centres.
The technological landscape is changing all the time, and while risks can be designed out for new facilities, existing data centres operate using legacy systems. These systems often lack built-in security features, and some are no longer supported by suppliers and manufacturers, making it difficult to retrofit or upgrade them. Additionally, concerns about cost and a lack of understanding about the risks associated with not upgrading can lead to delayed upgrades.
There is a raft of regulatory requirements and compliance standards for data centre cybersecurity that businesses are obligated to meet, including GDPR in the UK and recently expanded legislation in Singapore. It is critical that data centres adhere to these regulations to avoid legal repercussions and maintain trust with clients and stakeholders.
It’s vital that organisations make cybersecurity a top priority when it comes to their business operations. Security should be designed into new data centres from the start. Regular security audits and penetration testing are also vital in helping to identify and address vulnerabilities. Additionally, sound staff training and awareness-raising help ensure employees adhere to security protocols and understand the wide-ranging ramifications of security breaches. Having a robust incident response plan in place is also important, so that any cybersecurity incidents can be dealt with quickly and effectively.
Cloud-based data centres come with their own unique security challenges and solutions. The World Economic Forum’s Global Cybersecurity Outlook 2024 revealed that 41 per cent of organisations who suffered a cyber security incident in the previous 12 months that had a significant impact on their financial position, operation or relationship with customers – said a third party caused it.
Like technology more broadly, the cybersecurity landscape is evolving. Future trends in cybersecurity that data centres should be aware of include understanding the impact of the new technologies they adopt, managing supply chain risks and those from third-party relationships, as well as investing in and building awareness of security fundamentals. Effectively navigating the evolving cybersecurity landscape will require data centres to balance an acceptance of ongoing cyber risk with bolstering their resilience and capacity for recovery.
Ongoing vigilance and investment in security measures is critical for the cybersecurity of data centres. To stay ahead of emerging threats and continually improve security, data centres should:
To learn more about cybersecurity as it relates to critical infrastructure such as data centres, download our report on Securing the backbone of our communities.
Loading
At a glance Over the past year, we have seen technologies mature and emerging trends show staying power. What does 2025 have in store for the architecture, engineering and construction (AEC) industry? From the AI boom to the dawn of emergent intelligence, let’s look at the trends that should be on your radar and why they matter to you.
Artificial Intelligence (AI) is taking centre stage around the world as a driver of transformational change in the workplace. As new tools such as Microsoft’s Copilot and Google’s Gemini become more widely available, organisations are realising the benefits of AI as a business tool that enables change in how work is done, what work is done, and how businesses can create competitive advantage. However AI adoption goes beyond acquiring a new tool or technology; it demands solid foundations like quality data, well-defined strategies, robust governance models and a skilled workforce. And perhaps most importantly, executive leadership that instils a culture of innovation, learning and change management.
In a world demanding sustainable action, digital enables progress. Intertwining digitally innovative ways of advancing efforts with human-centric, change management considerations sets organisations up on a path to drive real and impactful operational and behavioural change. In this article, we unpack how digital innovation can help to actualise your sustainability strategy.