The tech industry is booming—Deloitte projects that global spending on the sector will increase by 9.3% this year—AI is the hot new commodity on the digital market, and data is driving it all. That has led to a heightened demand for data center capacity, which is increasing by 15% annually—though that’s not enough, according to JLL.
With that added demand comes a rise in threats, and physical danger to data center security is often overlooked. Kiersten Todt, former CISA chief of staff, told IT Brew in a recent interview the lack of focus on those threats represents a dangerous gap in security.
“A physical breach can have the same catastrophic impact as a cyberattack,” Todt said.
IT Brew spoke to Todt to get a better sense of the danger, and some solutions.
This interview has been edited and condensed.
The physical threats to data centers are very real, clearly. What can you tell us about what you’ve seen and the danger here?
It’s sort of like breaking and entering. Several years ago, when I was at CISA, we saw physical attacks on grids in North Carolina. I think it was gunshots at the time.
In this world of technology, we’re thinking about digital attacks and digital breaches. But we can’t forget that these entities, particularly physical structures, are just as vulnerable to physical breaches. A physical breach can lead to the theft of sensitive information, financial losses, operational disruptions, and then even reputational damage.
We are seeing that. That means that is a big concern. And one in 10 data breaches can be traced back to a compromise in physical security. It’s a reminder that cyber and physical are linked.
Can you explain more about the difference between the cyber and physical threats, and how they can be part of a unified danger to data centers?
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
If we’re worried about a cyber breach, it can happen physically. But a physical breach on its own is equally concerning because of what it could mean. A breach of either can lead to the same type of devastation.
The digital sphere is obviously increasingly linked to the physical and vice versa. Weakness in one can be exploited to compromise the other. Post 9/11, Homeland Security was very focused on physical, and cyber was a secondary player. And then cyber sort of ended up trumping physical.
But what’s important is that there’s a convergence, which means that we can’t just rely on one. At the end of the day, we continue to see humans as—I won’t say always the weakest link, but a weak link…So, we focus on both to ensure that the convergence of the physical and the cyber, that sort of integrated infrastructure, is secure at the same level has never been more important, because both create vulnerabilities and opportunities, and true resilience comes from the strengthening of both.
Given the importance of the cloud in managing these kinds of solutions, should we expect to continue to see that technology playing a significant role in how security is managed at these sites?
What we’ve seen is integration across technology and locations with that cloud-first technology. Data centers need solutions that have multiple technologies, cross-site integration. And so when you’re looking at monitoring, video cameras, access controls, sensors, all of this is monitored using cloud technology. These cloud first solutions that converge the cyber and the physical are the easiest to scale.