Views sought to boost security of UK datacentres and cloud services

The UK government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms.

Views are sought on tools currently used in other regulated sectors, such as having an incident management plan in place, notifying a regulator when an incident impacts their services, and a requirement for a person board or committee to be held accountable for security and resilience.

New protections would build on existing safeguards for data infrastructure, including the Networks and Information Systems (NIS) Regulations 2018 which cover cloud computing services. The National Cyber Security Centre and Centre for the Protection of National Infrastructure also regularly update guidance for datacentres and their online assets.

Data minister Julia Lopez said: “Datacentres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy. 

“We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyberattacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.” 

The call for views invites contributions from datacentre operators, cloud platform providers, data centre customers, security and equipment suppliers and cyber security experts to understand the risks data storage and processing services face. It wants to know what steps they are already taking to address any security and resilience vulnerabilities.

It will also ask companies which run, purchase or rent any element of a datacentre to provide details of the types of customers they serve. 

Based on the evidence, the Department for Digital, Culture, Media and Sport (DCMS) says it will decide whether any additional government support or management is needed to minimise the risks that data storage and processing infrastructure face. 

The work is part of the government’s National Data Strategy to ensure the security and resilience of the infrastructure on which data relies. 
The eight-week call for views will run until Sunday 24 July. Following the call for views, the government will review the feedback provided and will publish a response.