May 30, 2022
The Call for Views on data storage and processing infrastructure security and resilience has been launched to assist the Government in strengthening the security and resilience of the UK’s data infrastructure to protect against outages and national security threats.
Views are being sought on tools currently used in other regulated sectors, such as having an incident management plan in place, notifying a regulator when an incident impacts services, and a requirement for a person, board or committee to be held accountable for security and resilience.
The UK’s data storage and processing infrastructure includes physical buildings housing large computer systems, which store and process huge volumes of data, as well as cloud platforms which provide remote, shareable computing services via the internet. New protections would build on existing safeguards for data infrastructure, including the Networks and Information Systems (NIS) Regulations 2018 which cover cloud computing services.
The Government says that its plans will give greater confidence to the millions of people who rely on these digital services every day. The proposals will also help small businesses who use cloud platforms as a cheaper, more efficient way to access essential IT services. As the UK’s reliance on digital services grows, shielding this infrastructure against disruption will protect the economy, the Government says.
Views are sought from data centre operators, cloud platform providers, data centre customers, security and equipment suppliers and cyber security experts to understand the risks data storage and processing services face.
The Government wants to know what steps are already being taking to address security and resilience vulnerabilities. The Call for Views also asks organisations that run, purchase or rent any element of a data centre to provide details of the types of customers they serve.
Based on the evidence, the Government will decide whether any additional government support or management is needed to minimise the risks that data storage and processing infrastructure face.