Data Centre Security: Protecting Infrastructure from Physical and Cyber Threats

90% of cybersecurity incidents could be avoided, survey reveals

Organisations are navigating a landscape of mixed emotions as the Network and Information Security Directive 2022/2555 (NIS2) enforcement date approaches. A regulation that's aimed at strengthening cybersecurity across the EU by expanding the scope and increasing the rigour of security requirements, NIS2 goes into effect on 18 October 2024. Veeam Software, the data resilience expert, commissioned a new survey from Censuswide that revealed that only 43% of EMEA IT decision-makers believe NIS2 will significantly enhance EU cybersecurity. This is despite an overwhelming 90% of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months. Alarmingly, 44% of respondents experienced more than three cyber incidents, with 65% of those categorised as “highly critical”. The survey results, which encompass the views of over 500 IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK, revealed the state of play less than a month before this directive takes effect. Although nearly 80% of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds state they will miss this imminent deadline. Barriers to NIS2 compliance Achieving NIS2 compliance requires businesses to implement essential measures, such as defining incident response plans, securing supply chains, assessing vulnerabilities, and evaluating overall security levels. This includes all affiliated organisations, partners, and supply chains. However, several barriers to compliance persist. Key challenges cited by IT decision-makers include technical debt (24%), lack of leadership understanding (23%), and insufficient budget/investments (21%). Notably, 40% of respondents reported decreased IT budgets since the political agreement for NIS2 was proclaimed effective in January 2023, despite its stringent penalties, which are comparable to those of the EU's flagship data privacy legislation, the General Data Protection Regulation (GDPR). 63% of respondents view the GDPR as strict, and 62% express the same sentiment about NIS2. Competitive pressures amid cyberthreats The slow pace of NIS2 adoption is likely due to the multitude of competing priorities and business pressures that face these organisations. Respondents rank NIS2 lower in urgency than 10 other issues, including the skills gap, profitability, and digital transformation. Worryingly, 42% of respondents who consider NIS2 insignificant for EU cybersecurity improvements attribute this to inadequate consequences of non-compliance, which has led to widespread apathy towards the directive. Additional key findings from the survey include: 74% of respondents see NIS2 as beneficial, but 57% doubt it will have any substantial impact on overall EU cybersecurity posture. Sceptics cite additional concerns such as NIS2's lack of comprehensiveness (35%), belief that compliance doesn’t guarantee security (34%), and overlap with existing regulations (25%). Other barriers include a lack of focus on NIS2 compliance (20%), tight timelines (19%), cybersecurity skills shortage (19%), directive complexity (19%), and organisational silos (19%). Despite conflicting views, most respondents perceive NIS2 positively in the context of their organisation's regulatory obligations, feeling optimistic (33%), confident (32%), and encouraged (27%). Andre Troskie, EMEA Field CISO at Veeam, states, “NIS2 brings responsibility for cybersecurity beyond IT teams into the boardroom. While many businesses recognise the importance of this directive, the struggle to comply found in the survey highlights significant systemic issues. The combined pressures of other business priorities and IT challenges can explain the delays, but this does not lessen the urgency. “Given the rising frequency and severity of cyberthreats, the potential benefits of NIS2 in preventing critical incidents and bolstering data resilience can't be overstated. Leadership teams must act swiftly to bridge these gaps and ensure compliance, not just for regulatory sake but to genuinely enhance organisational robustness and safeguard critical data.” For more from Veeam, click here.

Veeam announces integration with Palo Alto Networks

Veeam Software, a data resilience expert, has announced a new integration with Palo Alto Networks, a global cybersecurity specialist, to simplify security operations and strengthen data resilience. This integration addresses the pressing need for organisations to take an integrated approach to protecting their data backups and proactively respond to cyber threats through the capabilities offered by Veeam’s new apps and Palo Alto Networks Cortex XSIAM and Cortex XSOAR. With this new integration, Veeam is the first Palo Alto Networks partner to independently design and develop a data collector, dashboards, and reports for Cortex XSIAM. Dave Russell, SVP of Strategy at Veeam, explains, "Cyber threats are a reality for every single organisation. It takes teamwork to fight this escalating battle against ransomware. We are excited to integrate with Palo Alto Networks to provide customers with capabilities to further strengthen their data resilience. This powerful integration enables our 550,000 customers to better protect their backups and respond to cyberattacks faster, tightening their security posture and helping to ensure reliable, rapid and trusted recovery.” In today's digital landscape, ransomware attacks are on the rise, with 96% specifically targeting an organisation's backups according to the Veeam 2024 Ransomware Trends Report. This alarming reality poses a significant challenge for IT and security leaders worldwide. Traditional tools struggle to scale for large enterprises, resulting in a high volume of alerts and overwhelming manual processes for security teams. To combat these challenges and fulfil customer demand, Veeam and Palo Alto Networks have integrated technology to centralise, scale, and automate data monitoring and incident response. By integrating Palo Alto Networks AI-driven security operations centre (SOC) platform with Veeam's recovery capabilities, organisations can identify and respond to cyberattacks faster, helping to ensure the resilience of their business-critical backup data. "We are thrilled to collaborate with Veeam, empowering organisations to respond and react more quickly to threats facing their critical data," says Pamela Cyr, VP of Technical Partnerships at Palo Alto Networks. "By combining the power of Palo Alto Networks' AI-driven SOC platform with data resilience capabilities from Veeam, we can help customers identify and respond to threats, ensuring the resilience of business-critical data. The new integration demonstrates our shared commitment to providing organisations with tools and technologies that help them proactively combat evolving cyber threats and strengthen their security posture." The integration introduces two new applications – the Veeam apps integrated with Cortex XSIAM and Cortex XSOAR that leverage a bi-directional API connection to monitor, detect, and respond to security incidents impacting critical business data and data backups. The Veeam app integrated with Cortex XSIAM brings data from Veeam Backup & Replication and VeeamONE environments into Cortex XSIAM, providing a centralised view of data and backup security-related activity. The Veeam app, integrated with Cortex XSOAR, enables regular API queries against Veeam Backup & Replication and Veeam ONE, monitoring for significant security events or alerts. Both applications are included at no charge to Veeam Data Platform Advanced and Premium customers. For more from Veeam, click here.

UK data centres designated Critical National Infrastructure

The UK government has made the country’s data centres Critical National Infrastructure to protect the country’s data against IT outages, cyber attacks and environmental emergencies. It’s the first Critical National Infrastructure designation since 2015, putting data centres alongside water, energy and emergency services systems, giving them greater government support when recovering from critical incidents. As part of the designation, a dedicated CNI data infrastructure team of senior government officials will be formed to monitor for potential threats, working closely with agencies such as the National Cyber Security Centre and emergency services to ensure data, from photos to NHS records, is protected. Jennifer Holmes, CCO at LINX, comments, “Data and network traffic is growing exponentially as people and businesses rely more and more on digital services. Here at LINX we have been classed as critical national infrastructure in the UK for many years and wholly support this recognition for our data centres, many of whom are valuable partners of ours. “As data continues to scale, resilient infrastructure becomes increasingly important to ensure uninterrupted data flow and protect against downtime, which can prove costly across many sectors. “This move should form part of a wider internet redundancy strategy, creating protocols and fail-safes to reroute network traffic in the event of an outage. Threats such as cyber attacks or extreme weather conditions are a case of when, not if, so it’s vital to have redundancies in place to not only protect data centres, but ensure networks stay online." With the CNI designation, the government will work to build contingency plans to mitigate risks and damage caused in the event of an attack against a data centre. This will work in tandem with the proposed Cyber Security and Resilience Bill to strengthen the UK’s cyber defences. Technology Secretary Peter Kyle says, “Data centres are the engines of modern life, they power the digital economy and keep our most personal information safe. Bringing data centres into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events.” It follows the Chancellor’s announcement of an £8 billion investment in the UK data centre market, aiming to create 14,000 jobs and spark economic growth. The UK is currently home to the highest number of data centres in Western Europe, becoming an increasingly valuable driver of the UK economy.

Kiteworks boosts data collection capabilities with new acquisition

Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), has acquired 123FormBuilder, a provider of advanced data collection through secure web forms and form-driven private content workflows. Kiteworks says that this strategic move further strengthens its position as a trusted provider for organisations seeking to protect sensitive content across their entire content communications ecosystem. “We are very excited to welcome Florin and the talented team at 123FormBuilder to the Kiteworks family,” says Amit Toren, SVP of Corporate and Business Development at Kiteworks. “123FormBuilder’s emphasis on security and compliance aligns with our PCN vision. Our customers will benefit from no-code, dynamic form creation, as well as bidirectional integration of web forms with various solutions such as Salesforce, Stripe, Shopify, HubSpot, and others. “In addition, this acquisition further solidifies Kiteworks’ aggressive growth strategy and demonstrates our continued momentum in expanding our market presence and technological capabilities through strategic M&A activities.” Integrating 123FormBuilder’s advanced data collection through secure web forms and form-driven private content workflows into the Kiteworks Private Content Network will enable 123FormBuilder’s customers to benefit from a unified platform that centralises tracking, control, and security of sensitive content communications. Consolidation of audit logs into one platform will also streamline compliance tracking and reporting for 123FormBuilder customers. 123FormBuilder offers a comprehensive, modern, secure web forms platform, enabling customers to build secure registration forms, order forms, surveys, and other form types quickly and easily. The company offers advanced no-code, drag-and-drop online form creation that includes conditional logic, e-signature functionality, multipage forms, file uploads, and integrations with over 45 popular tools for streamlined workflow automation. “123FormBuilder is thrilled to join the Kiteworks family and contribute to its PCN vision, empowering organisations to manage security and compliance risk across communication channels,” notes Florin Cornianu, CEO of 123FormBuilder. “Our team at 123FormBuilder has worked tirelessly to develop a secure and user-friendly platform for data collection, a technology that will thrive under Kiteworks’ guidance. The acquisition extends our long-term security and compliance commitment to innovation bolstered by a profitable, well-funded organisation committed to the highest security and compliance standards.” Kiteworks’ acquisition of 123FormBuilder follows on the heels of its recent $456 million growth equity investment. For more from Kiteworks, click here.

Custocy partners with Enea for AI-based NDR integration

Custocy, a pioneer in artificial intelligence (AI) technologies for cybersecurity, is to embed Enea Qosmos deep packet inspection (DPI) and intrusion detection (IDS) software libraries in its AI-powered network detection and response (NDR) platform. This integration will enable Custocy to improve accuracy and performance and support product differentiation through detailed traffic visibility and streamlined data inspection. Custocy uses layered, multi-temporal AI functions to detect immediate threats as well as persistent attacks. This approach streamlines the work of security analysts through attack path visualisation, improved prioritisation, workflow support and a radical reduction in the number of false-alarm alerts (‘false positives’). By integrating Enea software into its solution, Custocy will have the exceptional traffic data it needs to extend and accelerate this innovation while meeting extreme performance demands. Enea’s deep packet inspection (DPI) engine, the Enea Qosmos ixEngine, is the most widely embedded DPI engine in the cybersecurity industry. While it has long played a vital role in a wide range of security functions, it is increasingly valued by security leaders today for the value it brings to AI innovation. With market-leading recognition of more than 4,500 protocols and delivery of 5,900 metadata, including unique indicators of anomaly, Qosmos ixEngine provides invaluable fuel for AI innovators like Custocy. In addition, the Enea Qosmos Threat Detection SDK delivers a two-fold improvement in product performance by eliminating double packet processing for DPI and IDS, optimising resources and streamlining overheads. And thanks to Enea Qosmos ixEngine’s packet acquisition and parsing library, parsing speed is accelerated while traffic insights are vastly expanded to fuel next-generation threat detection and custom rule development. These enhancements are important, as demand for high-performing NDR solutions has never been higher. NDR plays a pivotal role in detecting unknown and advanced persistent threats (APTs), which is a challenge certain to become even more daunting as threat actors adopt AI tools and techniques. Custocy is well-positioned to help private and public organisations meet this challenge with a unique technological core built on AI that has earned the company a string of awards; the latest being Product of the Year at Cyber Show Paris. Jean-Pierre Coury, SVP Embedded Security Business Group, comments, “Custocy has developed its solution from the ground up to exploit the unique potential of AI to enhance advanced threat detection and security operations. AI is truly woven into the company's DNA, and I look forward to the additional value it will deliver to its customers as they leverage the enhanced data foundation delivered by Enea software to support their continuous AI innovation.” Custocy CEO, Sebastien Sivignon, adds, “We are thrilled to join forces with Enea to offer our customers the highest level of network intrusion detection. The Enea Qosmos ixEngine is the industry gold standard for network traffic data. It offers a level of accuracy and depth conventional DPI and packet sniffing tools cannot match. Having such a rich source of clean, well-structured, ready-to-use data will enable Custocy to dramatically improve its performance, work more efficiently and devote maximum time to AI model innovation.”

Veeam expands data resilience for Microsoft 365

Veeam Software, a data resilience specialist, has announced the release of Veeam Backup for Microsoft 365 v8, delivering comprehensive and flexible immutability for Microsoft 365 data. Organisations can now ensure their Microsoft 365 data is resilient by employing a zero-trust, multi-layered immutable strategy, ensuring that backup data is safe from potential changes or deletions so that its original integrity stays intact. Currently protecting more than 21 million Microsoft 365 users, Veeam safeguards customers’ critical Microsoft 365 data to ensure that their business keeps running no matter what happens. "Losing the critical data, files and communications housed in Microsoft 365 is a catastrophic scenario for any organisation," says John Jester, CRO at Veeam. "That’s why we’re protecting over 21 million users today, more than any vendor in market, making Veeam the number one data resilience solution for Microsoft 365. "Veeam Backup for Microsoft 365 v8 ensures that despite expected cyber-attacks and data disruptions, organisations have ready access to critical business information to ensure business continuity. Now with the most comprehensive backup immutability for Microsoft 365, this release includes new architecture designed for efficiency and scale, as well as added support which is based directly on customer requests.” Veeam Backup for Microsoft 365 v8 combines immutable backups with existing immutable copies, delivering total defence for organisations’ backups. It provides the flexibility to store backup data on any object storage, including Azure Blob Storage, Amazon S3, IBM Cloud Object Storage, or S3-compatible storage. In addition to enhanced immutability, Veeam enables increased enterprise scale and efficiency with Veeam Proxy Pools. This architectural update boosts backup processing speed by distributing traffic across multiple proxies. By intelligently sharing the load and staying under the radar of throttling, enterprises can achieve better backup performance and efficiently scale up large environments with tens of thousands of users. Responding to customers, Veeam has expanded its support with several new features. Organisations now have the ability to use Linux-based backup proxies, providing more choices and a lower total cost of ownership. Additionally, Veeam Backup for Microsoft 365 v8 now supports private and shared Microsoft Teams channels, offering comprehensive protection for this popular communication and collaboration platform. Key features of Veeam Backup for Microsoft 365 v8 include: • Comprehensive immutability: The most comprehensive backup immutability for Microsoft 365 on the market. • Enterprise scale: Purpose-built architecture designed to handle the largest enterprise datasets. • Added support: Private and shared Teams channels, Linux-based backup proxies, and MFA access to the UI. Learn more about the new Veeam Backup for Microsoft 365 v8 and discover how organisations of all sizes can keep their data secure, protected, and accessible during the VeeamON Data Resilience Summit, taking place virtually October 1 (AMER and EMEA) and October 2 (APJ). Register now for free by clicking here. For more from Veeam, click here.

Logpoint and Advitum partner to advance cyber defences

Logpoint has announced a new strategic partnership with Managed Service Provider (MSP), Advitum, with the intention of helping to boost security for organisations in Sweden. Advitum is creating a log management and security service based on Logpoint to offer log management, threat detection, investigation and response (TDIR), and compliance capabilities. “We’re thrilled to partner with Advitum to help Swedish organisations advance their defenses against cyber threats and demonstrate compliance,” says Fredrik Jubran, Logpoint Regional Manager MSSPs. “Advitum is a very capable MSP with great customer satisfaction, and we’re proud to join forces with it to alleviate Swedish organisations of pressing cybersecurity challenges, such as expanding data and cybersecurity regulations and the shortage of qualified experts in the field.” Founded in Kalmar in 2010, Advitum is an MSP with dedicated security services, ensuring customers have complete control and the ability to combat cyber threats. Adding Logpoint Security Information Event Management (SIEM) gives Advitum the resources to add more value to customers with a service built around log management, TDIR, and compliance. Advitum can manage the solution locally to increase data protection. “We work with several critical infrastructure organisations, facing high requirements for visibility and the ability to report IT incidents,” says Markus Persson, Advitum CEO. “Currently, small and medium-sized Swedish organisations are struggling to either build a SOC or buy a SOC or Managed Detection and Response (MDR) service. Combined with regulations and how cybercrime is accelerating, our partnership has a lot of potential to help address that. “Logpoint has a flexible solution, working across premises, which means that our customers can have certain parts in the cloud or go with a completely on-prem-based solution. In addition, Logpoint is a supplier that can adapt and is very close to its customers and partners, which is crucial for us.” Logpoint is Europe’s largest SIEM vendor, offering solutions to collect and analyse security data to help organisations detect, investigate, and respond to cyberattacks faster and comply with NIS 2, GDPR, and other data and cybersecurity regulations. Logpoint is the only European SIEM vendor with a Common Criteria EAL3+ certification, demonstrating high data protection and robust systems geared to withstand current and emerging threats. For more from Logpoint, click here.

JLL boosts data centres team with key hire

JLL, a global commercial real estate and investment management company, has appointed Mark Harper as a Technical Consulting Specialist for its data centre practice in EMEA. In this role, Mark will assist clients in meeting their technical needs within the entire JLL data centre division. Mark brings 27 years of industry experience and comprehensive knowledge of the operational landscape with him to JLL, where he will provide guidance in technical due diligence, drive operational sustainability, advise clients on technical risk management and legacy retrofit projects, explore technology innovation opportunities and promote operational excellence. Based in London, Mark reports to Catriona Shearer, JLL Global Consulting Lead for EMEA Data Centre Solutions. “We are excited to welcome Mark to JLL,” Catriona says. “He’s held numerous leadership, client management and project roles throughout his impressive career. His deep understanding of system design, modifications and asset management, in addition to his expertise with operational standards and best practice, will be an asset to our clients.” Mark was most recently the Technical Operations Manager for the service provider at the prestigious Telehouse London site. Prior to that role, he held several technical and leadership positions with SPIE UK, AMEC Facilities and Matthew Hall. He was responsible for the implementation of the UK’s largest data centre and oversaw the site evolution from one data centre to five across his tenure. Data centre demand has skyrocketed in recent years. JLL Research recently published a report on the growth trajectory for edge data centres, predicting that edge IT infrastructure and data centres will become a $317 billion market globally by 2026, representing a 107% increase since 2020. The demand for colocation, hyperscale, edge and enterprise data centres, fuelled in part by the rise of AI and machine learning, is transforming the sector and ushering in a new wave of innovation to better meet the demand and help operators reach sustainability goals. “I thrive on driving innovation and change and, with that, consistently keeping data centres at the forefront of technology advancements,” Mark Harper comments. “I’m thrilled to join JLL and further influence and shape the direction of data centres using industry-leading innovations.”

Node4 partners with Elastio to strengthen ransomware defences

Node4, a cloud-led digital transformation Managed Services Provider (MSP), has announced a strategic partnership with cybersecurity company, Elastio. This collaboration is set to provide Node4 customers with enhanced protection against ransomware by ensuring the integrity of Veeam recovery points, minimising post-attack data loss and downtime. Backups are crucial for protecting against ransomware, but modern threats can infiltrate and hide within data without being detected. This can lead businesses to inadvertently back up compromised data, which leaves them vulnerable when they need to recover from an attack. Node4 and Elastio’s partnership addresses this issue by allowing Node4 clients to continuously check the integrity of their Veeam backups. This ensures any breaches are detected early and guarantees that recovery can occur from clean, uncompromised data. Najaf Husain, CEO of Elastio, comments, "Ransomware is a scourge that is not going away any time soon, and we're seeing increasingly sophisticated threat actors use tactics to compromise backups. The new standard has to be for businesses to not only be prepared for disaster recovery, but for cyber recovery. That means ensuring that your backups are clean and recoverable. We are excited to be working with Node4 to bring our anti-ransomware for backups technology to their clients so that they can be ransomware ready. Elastio’s RansomwareIQ AI/ML engine performs deep file-level inspections on Veeam backups, detecting ransomware encryption that bypasses other solutions with 99.99% accuracy. In the event of an attack, it automatically directs you to a clean recovery point to streamline business continuity. Mark Skelton, Chief Technology & Strategy Officer at Node4, emphasises the importance of robust cybersecurity measures, stating, “In today’s digital age, effective and reliable backups are crucial for business continuity. Our partnership with Elastio ensures that our clients not only have state-of-the-art backup solutions, but also the assurance that these backups are uncompromised by ransomware. We are committed to empowering our clients to be resilient and ready in the face of evolving cyber threats.” Node4’s collaboration with Elastio also complements its N4Backup Veeam Cloud Connect solution, enhancing its offerings to businesses utilising Veeam Backup and Recovery software. This strategic initiative is part of Node4’s ongoing commitment to providing comprehensive, end-to-end services that support UK businesses in their transition to secure, cloud-based infrastructures. By integrating Elastio’s anti-ransomware technology, Node4 not only fortifies its defence mechanisms, but also ensures its clients are equipped with the necessary tools for both disaster recovery and cyber recovery. For more from Node4, click here.

Kiteworks Private Content Network vision validated by investment

Kiteworks, a provider of secure content communications, has announced a $450 million (£348m) growth-equity investment from global software investors, Insight Partners and Sixth Street Growth. The investment, a partial liquidity event, will reportedly strengthen Kiteworks’ market position in secure data transfer and collaboration as the only security platform authorised by FedRAMP to provide unified support for file sharing, managed file transfer, and email data communications to meet a broad range of global compliance requirements.Jonathan Yaron, CEO and Chairman of Kiteworks, states, “This minority stake investment affirms Kiteworks’ role in providing a revolutionary solution to the world’s growing challenge of tracking and controlling sensitive data in motion and use. With recent ground-breaking innovations such as Next-Gen Digital Rights Management, combined with the growing industry and regulatory focus on tracking and controlling the data layer, the road to realising our vision has never been clearer. We’re excited to accelerate our growth and continue innovating to meet the evolving needs of our customers with the support of Insight Partners and Sixth Street Growth.”The new investment comes as organisations face an expanding cybersecurity risk due to complex third-party ecosystems and an increasingly stringent compliance landscape. Cybercriminals are targeting sensitive content in growing numbers, with supply chains offering significant opportunities for malicious actors. Meanwhile, compliance regulations such as CMMC, NIS 2, and HIPAA demand robust data protection measures.The Kiteworks PCN addresses critical cybersecurity challenges facing organisations worldwide by unifying the primary content communication channels of file share, file transfer, managed file transfer, email, APIs, and web forms into a dedicated secure platform. The investment from Insight Partners and Sixth Street Growth not only validates the company’s vision, but also signals a broader recognition of the essential role that secure content communication plays in today’s digital landscape. As cyber threats evolve and regulatory environments become more complex, Kiteworks stands ready to help organisations worldwide safeguard their most valuable digital assets.Eoin Duane, Managing Director at Insight Partners, comments, “We were immediately impressed by Kiteworks’ exceptional growth and innovative approach to securing content communications. In today’s complex digital landscape, Kiteworks addresses a critical market need and stands out as a leader in providing effective solutions that significantly improve risk management. We’re excited to partner with the Kiteworks team as they continue to help shape the future of cybersecurity.Alex Katz, Managing Director at Sixth Street Growth, adds, “Jonathan and the Kiteworks team are proven innovators and have architected a platform which is purpose-built to meet the challenges of the most secure and compliance-sensitive organisations. We’re excited to support their continued success and help Kiteworks capitalise on the significant market opportunities ahead.”Eoin Duane and Peter Sobiloff from Insight Partners and Alex Katz from Sixth Street will join the Kiteworks board of directors. For more from Kiteworks, click here.