This content was originally published on The Resilience Shift website. The Resilience Shift, a 5-year programme supported by Lloyd’s Register Foundation and hosted by Arup, transitioned at the end of 2021 to become Resilience Rising. You can read more about The Resilience Shift’s journey and the transition to Resilience Rising here.

In the spirit of World Backup Day (31 March), Dr Alexander Taylor, a social anthropologist from the University of Cambridge and a founder of the Black Sky Resilience Group, introduces us to a sector that is often overlooked in discussions about critical infrastructure resilience: the data centre industry.

Do you know where your organisation stores its data? It’s not in the “˜cloud’. It’s in a data centre.

Vital systems today are increasingly mediated on many levels by data centres, which strive to ensure their smooth, reliable, and continuous operation. Yet these buildings remain largely absent in discussions about societal and infrastructure resilience.

Having spent the last several years conducting fieldwork in data centres and working with resilience practitioners from across critical sectors, it is clear that there is a deficit of knowledge about the role these buildings play in societal continuity.

Data centres power digital societies and enable our connected lives – something that the Covid-19 crisis has recently highlighted.

Like the electrical grid, data centres are meta-infrastructures that overarch and interconnect many other critical sectors. Transportation, energy, finance, national security, health systems and other lifeline services all rely on up-to-the-second data stored in and accessed through data centres. These buildings also run the systems that are  now essential to the functioning of  global logistics, government services and major organisations.

Everyday activities like debit and credit card payments, sending emails, booking tickets, receiving text messages, visiting the doctor, using social media, web conferencing and storing our digital photos all involve data centres. Yet most of us know very little about them, even if we interact with them on a daily basis.

One possible reason for this deficit of public knowledge about data centres is their infrastructural invisibility. Unlike the highly visible pylons and powerlines of the electrical grid, we don’t often directly experience or encounter data infrastructure. Data centres themselves are typically located in mundane-looking warehouses on the unfrequented outskirts of urban centres. The UK is one of the largest data centre markets in Europe. The majority of the UK’s data centres tend to be concentrated around London and the M25 corridor, though there are significant data centre clusters in every major city.

Locked within these cabinets are the servers where the data stored. Photo by A.R.E. Taylor

Another reason we know little about them is the language that we use to think about IT. We tend to think of the “˜digital/cyber’ in opposition to the “˜physical’. This simplistic binary thinking overlooks all kinds of hybrid cyber-physical complexity. In reality, nothing digital is devoid of material. Government agencies like the UK’s National Cyber Security Centre have long recognised IT systems as forming part of national critical infrastructure. Yet persistent focus on cybersecurity often overlooks the physical side of digital systems. Data centres exist in an infrastructure blind-spot, not quite visible enough to be widely understood as physical infrastructures but often not quite falling within the remit of cybersecurity.

Obscure metaphors like “˜the cloud’ further present this infrastructure as immaterial, placeless and intangible. “˜The cloud’ actually refers to huge banks of physical servers and hard disk drives located in data centres.  For this reason, data centres are sometimes called “˜server farms’ or “˜bit barns’ and tend to be thought of as sites where the cloud touches the ground.

With the rise of cloud computing, data processing and storage is increasingly moving out from local, on-premise IT departments and into commercial data centres. While large tech corporations like Google, Microsoft and Facebook can afford to construct and maintain their own private data centres, most organisations tend to lease space in facilities known as “˜colocation’ data centres. At the same time, global conglomerates like Amazon are increasingly moving into the infrastructure provision business. Amazon’s most profitable business today is no longer online retail but the selling of its infrastructure. Amazon Web Services (AWS) is Amazon’s cloud computing platform. It provides Infrastructure-as-a-Service (IaaS) to a proliferating array of business and governments alike. As it does so, Amazon is becoming essential to multiple social and economic sectors.

In an economic context where commerce, consumption, distribution and production systems, as well as critical infrastructures and public utilities increasingly rely on data centres, the consequences of data centre failure are expanding unequivocally.

A 2010 Viewpoint paper released by the UK’s Centre for the Protection of National Infrastructure (CPNI) recognised commercial data centres as “˜essential to the overall running of the country’. At the same time, very few facilities are formally designated as CNI (Critical National Infrastructure) and these buildings remain, for the most part, in the shadows of the urgent debates now occurring around societal and infrastructure resilience.

If data centres have become crucial to the delivery of lifeline services, then we need to start asking some of the questions that we typically raise in relation to critical infrastructure  protection.

 The data hall is where the servers are stored. Photo by A.R.E. Taylor

Part of my anthropological research has been focused on making data centres more present to the senses so that we might start to better understand and conceptualise these sites. Through photography exhibitions and podcasts, viewers and listeners have been introduced to the sights and sounds of data centres, as well as the people that work in these places.

By drawing attention to data centres as critical infrastructures, the hope is that infrastructure operators, regulatory bodies, asset owners and other interested parties will invest in resilient data centres. Contracts with data centre providers are often decided on cost effectiveness and bandwidth capacity rather than the continuity and resilience measures that data centres have in place to survive major failures. All too often, infrastructure operators simply do not know where their organisation’s data is being stored or which data centres their organisation is using. This is increasingly the case as the IT component of business continuity is increasingly being outsourced to third-party disaster recovery vendors. With the growing popularity of cloud-based disaster recovery (“˜Disaster Recovery as a Service’ [DRaaS]), data and the infrastructures that house this valuable asset, are increasingly removed from our direct control.

As digitisation and datafication permeate almost every sector of society, it is increasingly important that we invite data centre professionals to participate in discussions of societal resilience. Doing so might also encourage resilience specialists to start thinking about other underrepresented or “˜invisible’ infrastructures.

With thanks to Dr Alexander Taylor

Dr Alexander Taylor is a social anthropologist at the University of Cambridge and University of Winchester. He uses qualitative social science methods to study how infrastructure operators and asset owners define and operationalise “˜resilience’ in different industrial contexts. In particular, his work explores how data centre security practitioners and space infrastructure engineers grapple with space weather and electromagnetic pulses (EMPs) as threats to vital infrastructure systems. Dr Taylor co-runs the Social Studies of Outer Space Network and is a founder of the Black Sky Resilience Group, a network of researchers exploring societal and infrastructure resilience in relation to global catastrophic risks.