The recent announcement by the UK Government that it would designate data centers as Critical National Infrastructure (CNI), placing them in the same category as energy and water systems, is a clear recognition of the vital role they play in today’s economy and society. There are no official records of how many data centers there are in the UK, perhaps down to the sensitive nature of data itself, however, Statistica puts the current number at 514, the third highest number in one country worldwide, behind the United States and Germany.
It’s difficult to envisage any aspect of modern life that data centers don’t impact – from the way we communicate to our interactions with businesses and vital public services, including the NHS. We simply couldn’t function without them. While this government initiative is reassuring, its impact in real terms is questionable.
A data center itself is a building with power, cooling and network access. It’s the data and systems that reside within them which is of critical national importance. Safeguarding this is the responsibility of the data center's client - not the physical provider. However, the building provider can enforce physical security and ensure it’s at an appropriate level which mirrors cybersecurity defenses. Additional, specific issues need to be taken into account and adequately addressed, including approaches to cyber resiliency, power consumption and sustainability challenges.
Field CTO, EMEA at Pure Storage.
The cyber resiliency challenge
It could be argued that the government is playing catch-up with its CNI initiative, particularly in relation to cyber security. In recent years, we’ve seen regulations come into effect, such as the National Institute of Standards Technology (NIST) security framework in the US, and the European Union’s Digital Operation Resilience Act (DORA) and NIS2, which between them, have become defaults for how data is managed and secured. That’s not to say that the UK CNI initiative isn’t valuable, because it is. Crucially, it sends out a clear message to data center operators that they have a responsibility to take specific steps to prepare for cyber-attacks and have robust recovery plans in place.
In reality, despite having the best enterprise-grade cyber defenses and strategies in place, some attacks will be successful. This is made clear by the most recent figures published by the UK Information Commissioner’s Office, revealing record levels of ransomware and cyber-attacks in 2023. It’s almost impossible to have foolproof cyber defenses, especially considering that attacks are constantly evolving and often originate from very well-resourced criminal gangs or even hostile nation states. For this reason, it has become best practice in the cyber security world to assume that it’s a matter of when, not if, a breach will occur. The CNI initiative, with the backing of the forthcoming Cyber Security and Resilience Bill, will mandate that data centers implement robust security protocols and adhere to higher security standards to protect sensitive data. This increased focus on security can only be beneficial.
Understanding the impact of data center CNI designation on sustainability
According to a 2022 National Grid study, UK data centers consume between 2–3 terawatt-hours (TWh) of power per year - enough electricity to power up to 800,000 homes annually. However, consumption is increasing and is set to jump dramatically over the next 10 years. Energy consumption is a well known issue, and data center operators have been working to address the enormous challenges this presents, especially in relation to carbon emission and sustainability commitments.
In addition, data center operators and in many cases, their customers will now have to contend with additional burdens that arise from CNI designation. In many cases this new directive will result in some duplication of infrastructure through the addition of more systems and software to protect data. This in turn will result in increased power consumption and generation of e-waste, which runs counter to sustainability goals. Under this new dynamic, it will be more important than ever for operators to look to solutions that are the most efficient in terms of density. From a customer perspective, the best way to approach this challenge is to measure efficiency on a per watt basis.
As we grapple with the issue of ever-increasing data storage needs, which is driving even greater demand on power grids, there’s a great deal of focus from some of the technology sector’s biggest players to find solutions. Microsoft, Google and Amazon think that powering data centers with small-scale nuclear reactors might be a novel solution.
It's now pretty clear that power has become the main limiting factor when it comes to building and expanding data centers, and the increased focus on AI is only making the situation worse, as training and using AI models use significantly more compute and associated power than traditional software.
It is important to recognize there are ways to address power related challenges now, with all-flash storage technology. Within a data center, storage infrastructure generally accounts for 20-25% of energy usage. There is a huge opportunity to adopt high-density flash storage systems, which consume significantly less power compared to legacy HDD-based systems, and even ones based on “off the shelf” commodity SSDs.
The challenge of critical data differentiation
Deeper consideration of what constitutes critical infrastructure raises a parallel question about what constitutes critical data that resides in data centers. Not all data is of equal importance in the context of CNI, with NHS records, telecommunication network security, continuity for facilities like water, and other information which ensures our safety and security surely taking priority over non-critical data such as social media feeds.
Yet this is a very challenging issue to address and one that will require the implementation of agreed frameworks for data classification. Current data protection regulations like GDPR may be helpful in some respects here, as they offer clear guidance on the classification of personal data and the responsibilities of an organization in its handling. GDPR also helps organizations understand the types of data they hold, which is a first and critical step in understanding how that data might be prioritized once frameworks have been agreed. AIOps tools will most likely play a key, vital role in helping organizations looking to better understand the data they hold.
Reaping the benefits of CNI data center designation
In announcing CNI data center designation, the UK government is effectively recognizing a need to better protect the nation’s personal and institutional data. At the same time, they are effectively giving backing to the UK’s data center operators and encouraging more investment in the ecosystem, which is already substantial and predicted to expand over the coming years.
This is borne out in a report issued by techUK in November, after the CNI data center initiative was announced, which predicts over 40,000 new jobs in the sector by 2035 based on increased investment. This is of course very positive. However a critical next step in ensuring the effectiveness of CNI data center designation, and the realization of the UK data center's potential, is the development of an agreed framework on data prioritization classification, increased cyber resiliency and more robust sustainability practices.
We've featured the best green web hosting.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
