12 Dec 2022
Many of my colleagues went to the excellent DCD Awards last week to network with their fellow industry peers. It's the traditional 'end-of-year' get together for our community. The nature of activity, projects, timelines being brought to a conclusion at an 'end of year' event made me realise even more how my area of the business is 365/24/7.
Compliance and security especially, never sleep and while Team Kao enjoyed a brilliant Christmas get-together last week, everything at our data centres was still being monitored, checked and under close scrutiny - that's the significance of data centres to our customers, and as the pandemic showed us, communities and the country.
This significance is growing, and so much so that the UK Government has recently published a consultation on new measures to boost the security and resilience of critical infrastructures and is requesting input on whether measures that have been mandated for other sectors should also be used for data centres. Whilst some aspects of this consultation could be deemed as regulation overkill, demand for tighter control and accountability is not unreasonable considering that all information pertaining to our personal and professional identities, as well as IoT derived data, is stored on a computer, or in a data centre, somewhere.
Data centres are no longer in the shadows
Global digitisation in relatively short timeframes – again fuelled by the pandemic - has also raised awareness about assured hardware performance and data security. As such both are coming under greater public scrutiny. It’s not just about operability, data centres are increasingly finding themselves at odds with environmentalists because of their energy usage and the perceived impact they’re having on the environment.
Data, for example, has become a highly tradable commodity on the darknet, so regulations pertaining to infrastructure resilience, cloud security and cyber security must be strictly enforced and adhered to. Enterprises and SMEs, regardless of sector, are increasingly imparting huge chunks of their business responsibilities onto data centre and colocation providers. They want reassurance they’ve selected the right provider for their requirements, and that their SLAs will be met, regardless of any unexpected event. Compliance is therefore integral to a client’s risk assessment process. Not only that, demonstrating compliance assures both customers and suppliers, bolsters investor support and is fundamental to protect brand reputation.
The industry has always been tightly regulated
Although regulatory compliance is currently very much in “Vogue”, the industry has always been tightly regulated. What has changed more recently, is the broadening scope of said regulation. Once limited to a provider’s actual facility, it has now moved into the realms of CSR (corporate social responsibility) and ESG (Environmental, Social, and Corporate Governance) - focusing on energy sources, sustainability and carbon emissions in particular.
To complicate things further, no single industry standard - ISO9001, IS04001, ISO22301, IS027001, IS045001 - relates solely to critical infrastructure. Data centres, because of their sheer magnitude, must satisfy the requirements of all the above and more besides.
Things don’t stand still as far as compliance is concerned either. Regulation is a constantly moving target and those responsible for enforcement must be ahead of the game, primarily because the consequences of non-compliance can be very serious – and not just from a financial perspective.
To give this some context, I monitor all regulatory changes and noted that in 2020 circa 217 regulatory updates were posted every day globally. By 2021 this figure reached over a thousand thanks to new initiatives coming into play. Not all updates were data centre-related, but big numbers like these illustrate the scale of maintaining regulatory compliance, which has historically been a predominantly manual process. And, with numbers like that you can see why I was so pleased to have Niki Greene join us in the Compliance team last month!
Innovations in AI and machine learning are set to be a game changer because a well-implemented system can speed things up by dynamically monitoring changes, thus reducing false positives and addressing human error – all of which makes for far more efficient operations.
Not just a box ticking exercise
Regulatory compliance as far as Kao Data is concerned isn’t just about ticking the right boxes or obtaining the right certification. A significant proportion of our clients operate in highly regulated sectors, including the financial services space, and they consistently choose us because of our due diligence, our high performance campus and our sustainability ethos.
To a certain extent, the most challenging aspect of compliance as far as Kao Data is concerned is keeping pace with its own commercial success. As a business we’re growing quickly and driving best practice, making sure we’re operating in accordance with our own guidelines as well as our customers’, which is integral to the process. We are incredibly proud of our compliance standards, and we hope to lead the way in the integration of AI to compliance processes going forward.