ST Telemedia Global Data Centres (STT GDC): Navigating evolving data center security risks and requirements

In recent years, data center security has come to the fore, with an increase in firmware attacks and security failures. Research shows that 83 percent of businesses have experienced firmware attacks in recent years, and in February, GDS and STT GDC hit the headlines when hackers compromised two large data centers in Asia, stealing customer data from the data center firms. Now, experts have warned that ChatGPT could even be a threat to data center security.

In February, a Blackberry survey of IT leaders found that 48% believed that it could be utilized to create new strains of malware, while 46% said it could be used to enhance existing malware attacks. Data center are reportedly a target of domestic terrorists, criminals, and politically and ideologically motivated actors, both physically and virtually. The impacts of this are not just stolen data, there are financial implications too, with IBM's latest Cost of a Data Breach report revealing that in 2022, globally, this figure reached $4.35 million, up 12.7% from 2020.

It makes sense, then, that bolstering security was identified as a priority for 700 IT professionals surveyed by Service Express, a data center maintenance provider. 

There are a plethora of solutions out there targeting breaches and seeking to enhance data center security. FPGAs, for example, have been highlighted for their role in detecting malware and helping to address breaches. Likewise, AI, while found to contribute to the problem on some levels, is also being pegged as the antidote to cyber threats simultaneously. Jim Reavis, CEO at Cloud Security Alliance, speaking to DataCenter Knowledge, for example, highlighted that ChatGPT is writing code for security orchestration, automation and response tools, DevSecOps, and general cloud container hygiene. 

Elsewhere, companies such as Quintillion Global, are releasing data center security guides. Released in late April, Quintillion's guide focuses primarily on how to spot threats, with an emphasis on phishing. The guide outlined that email categorization is a "primary part" of preventative security. With regard to ransomware attacks, the guide highlighted strategic disaster recovery planning as key.

There is also an influx of regulatory and legislative changes across the world seeking to combat data center breaches and bolster security. For example, back in March, the Federal Data Center Enhancement Act was introduced to bolster protections against physical and digital threats. The UK government is pursuing similar measures and, in 2022, launched a consultation on securing data centers as part of its National Data Strategy. Elsewhere, the European Union's General Data Protection Regulation (GDPR) and Brazil's LGPD have been introduced to strengthen data protection. The rise of edge is also proving to address a number of security and sovereignty concerns. 

The situation is undoubtedly one of flux, and adaptability and forward planning on mitigation will likely be top of mind for many operators across the industry as the security situation continues to evolve.