Indonesian Political, Business & Finance News

End-to-End Protection for Cyber Resilience in IT and OT Data Centres

| Source: CNBC Translated from Indonesian | Infrastructure
End-to-End Protection for Cyber Resilience in IT and OT Data Centres
Image: CNBC

End-to-End Protection for Cyber Resilience in IT and OT Data Centres

Jakarta, CNBC Indonesia - Cyber resilience in data centres can no longer be defined solely by physical or operational redundancy, as the architecture of modern data centres has transformed. Data centres are no longer merely mechanical and electrical environments supported by Information Technology (IT); they are digitally governed operational ecosystems.

Data centres now encompass IT, OT, IoT, remote access, vendor tooling, identity services, and facility controls that interact in real time. Cooling, power, access control, CCTV, BMS, EPMS, DCIM, AI-powered analytics platforms, and monitoring are all within a single converged operational environment.

This convergence not only creates efficiency but also erodes traditional security perimeters. What was once considered an IT security issue now becomes a physical cyber resilience problem. A vulnerability in one layer can infiltrate another.

Through a compromised laptop, building management platforms can be breached. Poorly managed remote access can serve as an entry point into operational systems. A hacked corporate IT identity can be used to control critical facility functions.

This means that cyber resilience and security are no longer parallel; they mutually influence each other. It also proves that traditional security assurances are no longer sufficient. ISO-based certifications indeed provide evidence of good management systems. However, these certifications do not guarantee that OT and IoT logs correlate with IT telemetry in a common SIEM data lake.

Such certifications also do not indicate that critical and administrative accounts are protected with strong two-factor authentication, or that vendor access is monitored and time-limited. They do not validate that logical and physical separation between corporate environments and control environments can be maintained. ISO also does not ensure that backups are isolated from production and can be restored during a cyber attack on the facility.

Currently, expectations for data centre management accountability are also increasing. For operators serving regulated operations, resilience now carries legal, commercial, and oversight consequences.

Comprehensive cyber assurance encompassing the physical systems, IT, OT, and IoT that operate data centres is a prerequisite for Uptime to fulfil its commitments. The role of independent, specific Whitebox data centre assessments conducted by organisations with decades of experience in digital infrastructure and cyber security expertise is crucial.

The Data Center Cybersecurity Assessment (DCCA) is essential because it evaluates the overall cyber-physical operational ecosystem. DCCA also uncovers control gaps as they exist across physical systems, IT, OT, IoT, identity, remote access, third-party paths, logging, recovery, and governance.

This shifts the conversation beyond general compliance towards maturity driven by improvements, evidence-based assurance, and practical risk reduction.

Every data centre operator must now be able to answer five questions:

  • Are IT, OT, IoT, BMS, EPMS, DCIM, CCTV, and access control logs centrally correlated in SIEM data storage to detect cross-domain anomalies?

  • Is MFA and privileged access control enforced on all critical systems, remote paths, and administrative accounts without exception?

  • Is segmentation between corporate IT, OT, vendor access, and recovery states tested and maintainable, rather than just depicted in diagrams?

  • Are backups isolated from production, protected from ransomware propagation, and regularly tested for recovery of IT and operational systems?

  • Do we have complete visibility over third-party access, inherited supply chain exposures, and the cyber implications of every digital dependency in the facility?

If the answers are incomplete, what is needed is not just another ISO label.

The absolute requirement is an integrated infrastructure assessment that provides the ability for holistic risk visibility in priority order. Along with detailed recommendations that inform cyber maturity supported by a prioritised remediation roadmap.

Uptime Cyber provides an integrated Data Center Cybersecurity Assessment (DCCA). DCCA gives data centre operators independent visibility into physical, IT, OT, IoT, identity, and third-party activities.

View JSON | Print