The recent announcement by the UK Government that it would designate data centers as Critical National Infrastructure (CNI), placing them in the same category as energy and water systems, is a clear recognition of the vital role they play in today’s economy and society. There are no official records of how many data centers there are in the UK, perhaps down to the sensitive nature of data itself; however, Statistica puts the current number at 514, making it the third highest globally, trailing only the United States and Germany.
Table of Contents:
- The Cyber Resiliency Challenge
- Understanding the Impact of Data Center CNI Designation on Sustainability
- The Challenge of Critical Data Differentiation
- Reaping the Benefits of CNI Data Center Designation
It’s difficult to envisage any aspect of modern life that data centers don’t impact – from the way we communicate to our interactions with businesses and vital public services, including the NHS. We simply couldn’t function without them. While this government initiative is reassuring, its impact in real terms is questionable.
The Cyber Resiliency Challenge
It could be argued that the government is playing catch-up with its CNI initiative, particularly in relation to cyber security. In recent years, we’ve seen regulations come into effect, such as the National Institute of Standards Technology (NIST) security framework in the US and the European Union’s Digital Operation Resilience Act (DORA) and NIS2, which have become defaults for how data is managed and secured. That’s not to say that the UK CNI initiative isn’t valuable, because it is. Crucially, it sends out a clear message to data center operators that they have a responsibility to take specific steps to prepare for cyber-attacks and have robust recovery plans in place.
In reality, despite having the best enterprise-grade cyber defenses and strategies in place, some attacks will be successful. This is made clear by the most recent figures published by the UK Information Commissioner’s Office, revealing record levels of ransomware and cyber-attacks in 2023. It’s almost impossible to have foolproof cyber defenses, especially considering that attacks are constantly evolving and often originate from very well-resourced criminal gangs or even hostile nation states. For this reason, it has become best practice in the cyber security world to assume that it’s a matter of when, not if, a breach will occur. The CNI initiative, with the backing of the forthcoming Cyber Security and Resilience Bill, will mandate that data centers implement robust security protocols and adhere to higher security standards to protect sensitive data. This increased focus on security can only be beneficial.
Understanding the Impact of Data Center CNI Designation on Sustainability
According to a 2022 National Grid study, UK data centers consume between 2–3 terawatt-hours (TWh) of power per year – enough electricity to power up to 800,000 homes annually. However, consumption is increasing and is set to jump dramatically over the next 10 years. Energy consumption is a well-known issue, and data center operators have been working to address the enormous challenges this presents, especially in relation to carbon emissions and sustainability commitments.
In addition, data center operators and, in many cases, their customers will now have to contend with additional burdens that arise from CNI designation. This new directive will result in some duplication of infrastructure through the addition of more systems and software to protect data, which in turn leads to increased power consumption and generation of e-waste, countering sustainability goals. Under this new dynamic, it will be more important than ever for operators to look for solutions that are the most efficient in terms of density. From a customer perspective, the best way to approach this challenge is to measure efficiency on a per watt basis.
As we grapple with the issue of ever-increasing data storage needs, which are driving even greater demand on power grids, major players in the tech sector aim to find solutions. Microsoft, Google, and Amazon believe that powering data centers with small-scale nuclear reactors might be a novel solution.
It’s now evident that power has become the main limiting factor when it comes to building and expanding data centers. The increased focus on AI exacerbates the situation since training and utilizing AI models consume significantly more compute and associated power than traditional software.
However, there are ways to address power-related challenges, notably through all-flash storage technology. Within a data center, storage infrastructure generally accounts for 20-25% of energy usage. There is a significant opportunity to adopt high-density flash storage systems, which consume far less power compared to legacy HDD-based systems and even those based on “off the shelf” commodity SSDs.
The Challenge of Critical Data Differentiation
A deeper consideration of what constitutes critical infrastructure raises a parallel question about what constitutes critical data within data centers. Not all data is of equal importance in the context of CNI. For example, NHS records, telecommunication network security, and continuity for facilities like water should take priority over non-critical data such as social media feeds.
This is a challenging issue that requires the implementation of agreed frameworks for data classification. Current data protection regulations like GDPR may assist in this regard, providing guidance on the classification of personal data and the responsibilities of an organization in its handling. GDPR helps organizations understand the types of data they hold, which is a first and critical step in comprehending how that data might be prioritized once frameworks have been established. AIOps tools are likely to play a crucial role in helping organizations better understand their data.
Reaping the Benefits of CNI Data Center Designation
By announcing the CNI data center designation, the UK government is effectively acknowledging a need to better protect the nation’s personal and institutional data. At the same time, they are supporting the UK’s data center operators and encouraging more investment within this already substantial ecosystem, which is anticipated to expand further in the coming years.
This sentiment is echoed in a report by techUK released in November, after the CNI data center initiative was announced. It predicts over 40,000 new jobs in the sector by 2035 based on increased investment. This is undoubtedly a positive outlook. However, to ensure the effectiveness of CNI data center designation and to realize the potential of the UK data center landscape, an agreed framework on data prioritization classification, increased cyber resiliency, and more robust sustainability practices is essential.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here.
Leave a comment