RECAP | 2024 Uptime Cybersecurity Survey Results

Data center cybersecurity spending and priorities are volatile topics in today’s industry. Both the threat community and investments in cyber are expanding exponentially, and data center leaders need to navigate complex internal and external environments as they develop organizational and technological defenses.

This roundtable began with a presentation of findings from the 2024 Uptime Data Center Cybersecurity survey. Data points discussed in this section included:

• Overall spending trends: 78% of respondents reported increases in data center cyber budgets, versus just 2% anticipating declines. One attendee responded quickly with the observation, “I’m not surprised.”
  
• Factors driving data center cyber investment and areas of data center cyber concern: these two survey questions used the same answer options, allowing roundtable attendees to compare issues that attract attention with those that attract budget. In general, top concerns – confidentiality of customer data, data loss or corruption, and maintaining service availability – attract both. Concern and spending are also pretty tightly linked for OT system vulnerabilities. The group discussion indicated that “attacks via third party service providers” are more worrisome than survey data indicates.
  
• The presentation section closed with a discussion of direct data center accountability and responsibility for the ten issues investigated in the survey. A model developed by LEET's Antonio Ramos showed that maintaining service availability and OT system vulnerabilities require direct data center cyber management.

The second part of the session looked at how changing threats, budgets and responsibilities require data center cyber leaders to re-think policies and procedures. Responding to a question asking “if you were advising a peer who was new to data center cyber about best practices in policy and procedures that align with corporate mandates and apply directly to data center needs, what would you focus on?” attendees – including executives and senior practitioners from both enterprise and colocation data centers – highlighted:

• Don’t operate in a silo.
  
• Focus on OT – don’t leave a back door into the data center.
  
• Stay aware of change and change management (“one tweak in the wrong place will open up a door into the data center”).
  
• Don’t allow polices to drift from procedures – make sure that they are supported with action.
  
• Maintain vigilance on third party risk management (or “nth party” – the example used here dealt with a potential breach via a fifth party that had been terminated three years earlier).
  
• Protect remote access; don’t leave “low hanging” vulnerabilities (this discussion also focused on effective policy).
  
• Stay consistent with compliance requirements, especially with respect to OT.
  
• Make sure that management is aware of the refresh cost for expensive equipment (e.g., generators, chillers) that tie into the BMS environment, so that defense strategies accommodate upgrades and refreshes.
  
• Stay current with data center cyber best practices!

The slide deck used in this discussion is attached.