Data centres serve as the silent foundation of our daily lives, the core of online communication, business data, and many improvements including artificial intelligence ( AI), cloud computing, and the Internet of Things. To ensure maximum uptime, data centers rely on strong surveillance and continuous energy infrastructure—critical considerations in the design and development of data center real estate. Despite the importance and critical nature of the data center, safety of these facilities often competes with other priorities such as energy efficiency and real estate marketing.
COMMENTARY
As data center development and construction expands exponentially to support the rise of cloud computing, the growth of data/analytics, and AI, this once-speculative real estate market rose to an industry that is now valued at more than$ 200 billion, with expectations of doubling to$ 400 billion before the end of the decade. As a result of this growth, the data center sector has become more than just a support system for all personal and commercial information requirements, but rather data centers have become the fundamental backbone for the global digital economy, gateways for research and innovation and the baseline for informational transactions in all functions of daily life.
It is clear that data centers are no longer simply a commercial real estate play, but rather a key element of our global critical infrastructure. Not only is the industry becoming too big to fail, but any level of failure or lack of resilience in this sector will result in significant industrial and governmental consequences.
Physical threats to data centers stem from vulnerabilities in their design and operational frameworks. Many facilities are constructed in remote or industrial locations, offering the advantage of isolation but sometimes lacking robust access controls. Unauthorized entry through poorly monitored gates, tampered perimeter fencing, or even insider complicity can lead to devastating outcomes. The consequences of neglecting physical security are magnified when considering a compromised power source or cooling system which can render entire data halls inoperative, leaving millions without access to critical digital services. Cyber attacks and breaches also serve as significant threat vectors, however the common root cause of these attacks stem from insider threats, physical breaches and sabotage.
Want to learn more about how power demand and other issues associated with data centers is impacting the power generation sector? Read this POWER Primer on data centers, and register to attend POWER’s Data Center POWER eXchange event in Denver, Colorado, on Oct. 28. The summit is associated with POWER’s Experience POWER event in Denver scheduled Oct. 28-31.
Energy demands are an often-overlooked aspect of implementing a comprehensive data center security program. A fully integrated security system, from advanced surveillance cameras to access control devices to server protection systems, requires a reliable power source. Inadequate power planning can jeopardize security by introducing vulnerabilities in critical systems. Ensuring critical power control systems and their associated firmware do not provide a back door to access critical systems is key to ensuring a complete security dome. Backup power solutions, such as redundant generators and battery storage, are essential to ensure seamless operation during outages or emergencies. Designing a facility with energy and security as intertwined priorities ensures that neither function undermines the other.
In September 2024, the UK government designated data centers as Critical National Infrastructure ( CNI), which recognizes a data center’s criticality to the country’s social and economic structures just as public water, financial institutions, energy utilities, and public communications systems do. This designation by the UK government underscores the importance of data center security, resilience, and reliability.
The UK is not alone in categorizing data centers as critical infrastructure. The EU has defined specific security requirements for data centers as part of the Network and Information Systems ( NIS ) Directive as well as specific digital safeguards for the Financial Services Sector as part of the Digital Operational Resilience Act ( DORA ). These designations provide minimum frameworks to define how data centers should be powered, protected and regulated within the UK and EU.
In the U. S., data centers exist within several of the 16 critical infrastructure sectors defined by the Department of Homeland Security ( DHS) and Cybersecurity Infrastructure Security Agency ( CISA ) as defined by Presidential Policy Directive 21 ( PPD-21 ). Data centers have direct impact on the information technology, communications, healthcare and public health, financial services, and energy sectors. Industry standards such as ISO/IEC 17001, TIA-942, SOC 2, FISMA ( for data centers supporting the U. S. government ), and PCI DSS drive much of the security program requirements at modern data centers.
Investing in redundant systems, disaster recovery plans, and robust physical and cybersecurity measures is essential to counter the growing threats in the data center industry. The interdependency between data centers with critical sectors such as energy and telecommunications underscore the need for coordinated infrastructure management. Disruptions in any of these sectors can cascade affecting services, industries, and economies on a global scale.
Exponential market growth, coupled with the realization that data centers are critical infrastructure, data center developers must align to regulatory requirements and industry standards. Data center providers and developers must adopt a risk-based approach to security and power, tailored to specific locations and operations. Recognizing data centers as critical infrastructure is essential to resilience across industries and ensures their stability preparing the sector to meet evolving demands and expectations.
—Terry King is vice president, STC Operations, and John Bekisz, PE, PSP, is vice president, Data Center &, Critical Infrastructure Practice, for Guidepost Solutions.