Securing the Booming Data Center Economy

After two decades of continuous growth, during which public clouds and data centers became the backbone of our digital economy, data centers are experiencing a second wave of growth due to the explosion of Artificial Intelligence, which demands even more computing power.   

Of the  8,000 or so estimated data centers worldwide, 1,000 are hyperscale (Data Center Frontier, U.S. Contains Fully Half of 1,000 Hyperscale Data Centers Now Counted Globally, as Cloud Giants Race Toward AI, April 2024). And the top cloud providers continue to make significant investments to deploy additional computing power and ensure adequate electricity provisioning for these power-hungry monsters. Data centers consumed 460 TWh in 2022. That's greater than the total annual electricity production for Italy or Australia. A study from the "International Energy Agency (IEA) Sees AI, Cryptocurrency Doubling Data Center Energy Consumption by 2026, reaching a staggering 1,000 TWh in a worst-case scenario.

Usually, a data center uses the most energy on its servers and cooling systems, with networking equipment and storage drives close behind. Sizeable cooling systems, such as those used in hyperscale data centers, are managed using Operational Technology (OT) and, unfortunately, they are as prone to cyber attacks as typical IT technology, if not more. Any disruption to the power or cooling systems that enable the data center to operate can turn into a very damaging event similar to cyber attacks experienced directly on servers.  

According to Gartner, global cybersecurity is now a $200 billion market. While the cloud security market has rapidly expanded, the cybersecurity of facilities and related systems hosting these gigantic computing centers still needs to be developed.  

The security of Operational Technology (OT) and Cyber-Physical Systems (CPS) such as electricity distribution and cooling systems that keep data center operations protected from cyber threats can be categorized into several activities:  

• Evaluating the configuration of the OT/CPS environment for security best practices: use of multi-factor authentication, encryption of communications, use of strong passwords, or even applying a zero-trust architecture and access on a least-privilege basis. While the measures can be quite standard, these secondary systems are too often left open to internet access with no protection. (Physical Infrastructure Cybersecurity: A Growing Problem for Data Centers). 

• Properly assessing exposures and identifying vulnerabilities that could impact the integrity of the physical infrastructure supporting the data center. OT environments around data centers should be subject to the same vulnerability management and patching cadence as other IT systems. 

• Because they’re related to capital-intensive physical assets, measuring the financial impact of potential cyber incidents related to OT is important. It can start by translating vulnerabilities and exposures into cyber risk measured in financial terms, through a cyber risk quantification exercise.  

• With cyber risk quantified, owners of data center facilities can start to prioritize risk to be addressed first by facility.  

• Conducted monthly or quarterly, this will build a well-documented, evidence-based program for cyber risk management that can be used with executives and board members and even for regulatory audits, showing diligent management and governance.  

 DeNexus launched its DeRISK™ Cyber Risk Quantification and Management solution for data centers in 2023. In 2024, we have calibrated, improved, and perfected the solution with a tier-one hyperscale data center owner/operator, helping them uncover “hidden risks” and include cyber events triggered by physical assets. 

You can also read more about our approach to cybersecurity for data center facilities in a recent article in Beta News: “Priorities for data center OT security in the cloud era” 

Please contact us, if you have questions or are interested in a demo of our platform. You can also download a sample Executive Report as produced by our platform at: https://www.denexus.io/resources/ebook/executive-report