Anil Nama, CIO at CtrlS Datacentre outlines the shift to resilience-driven data centres, using AI-led observability, zero-trust security, and sovereign compliance to ensure uninterrupted operations
As enterprises accelerate their shift toward AI-led, distributed digital infrastructure, the role of data centres is undergoing a fundamental transformation. No longer confined to being secure, isolated facilities, modern data centres now underpin critical national workloads, from financial systems to digital public platforms, making them central to both business continuity and national resilience.
In this conversation, Anil Nama, CIO at CtrlS Datacentres outlines how CtrlS is re-architecting its data centre framework to align with these new realities. The discussion spans its transition to resilience-driven, zero-trust infrastructure; the integration of AI-led observability and automated response systems; and the complexities introduced by high-density AI workloads. It also addresses the growing importance of sovereign security, hardware supply chain integrity, and the convergence of physical and cyber security.
CIO&Leaders: Traditionally, data centre security focused on “keeping the bad actors out.” With the rise of distributed workloads and AI, the focus has shifted to resilience, how quickly you can recover. How is CtrlS re-architecting its framework to ensure that uninterrupted service is guaranteed even during an active breach attempt?
Anil Nama: The shift from perimetre-based security to resilience-driven architecture reflects the evolving complexity of modern digital infrastructure. At CtrlS, the focus is no longer just on preventing breaches, but on ensuring uninterrupted service even in the event of an active threat.
Our Rated-4 fault-tolerant infrastructure eliminates single points of failure, ensuring continuous operation during disruptions or cyber incidents. It is built to contain, isolate, and recover from threats without affecting service. We use real-time monitoring and AI-led observability to detect anomalies early and trigger automated responses like workload isolation, traffic rerouting, and rapid recovery failover.
Our framework is built on zero-trust principles, continuous validation, and automated failover mechanisms that ensures any breach is contained, minimising its impact across environments. By integrating disaster recovery, active-active deployments, and intelligent traffic rerouting, we ensure that workloads remain operational even during disruptions. Cyber resilience, for us, is about designing systems that can absorb disruptions, respond in real-time, recover instantly, and continue delivering seamless performance without impacting end-users.
CIO&Leaders: As data centres host more national digital workloads, they effectively become part of a country’s critical infrastructure. How does this change the compliance and sovereign security obligations for an operator like CtrlS compared to five years ago?
Anil Nama: As datacentres increasingly support critical national infrastructure that ranges from financial systems to digital public platforms, the expectations around compliance and sovereign security have significantly intensified. Compared to five years ago, operators are now required to align more closely with evolving data localisation norms and sector-specific regulations, but also with stringent audit frameworks and real-time compliance validation.
At CtrlS, this meant strengthening our compliance posture across multiple layers, including globally recognised standards such as ISO 27001, ISO 22301, and ISO 27701, supported by rigorous operational processes and regular internal and external audits.
“Sovereign security plays a crucial role in the design and operation of dataventres as data needs to be kept within national borders.”
At the same time, sovereign security now plays a crucial role in the design and operation of datacentres. This involves keeping data within national borders, maintaining complete control and oversight of data environments, and ensuring that infrastructure aligns with changing national data governance policies. Datacentres are no longer just service providers, they are custodians of critical digital ecosystems where trust, security, and accountability are paramount.
CIO&Leaders: AI requires high-density compute and massive data ingress/egress. How has the specialised infrastructure required for AI (GPUs, liquid cooling, high-speed interconnects) created new, unforeseen vulnerabilities in the physical or digital data centre layer?
Anil Nama: AI infrastructure introduces a new class of challenges that extend beyond traditional datacentre risks. High-density GPU environments, liquid cooling systems, and high-speed interconnects significantly increase both the physical and digital complexity of operations, creating potential vulnerabilities.
For instance, dense GPU clusters can create thermal hotspots undetected by standard monitoring, and reliance on advanced cooling makes system vulnerable to operational or malicious disruptions stability. At the same time, liquid cooling presents additional physical risks, including system dependencies, leak risks, and stricter infrastructure tolerances design.
On the digital side, large-scale data movement and multi-tenant AI workloads heighten risks around data integrity, model security, and lateral threat propagation.
CtrlS addresses these challenges by combining secure infrastructure design with advanced monitoring, micro-segmentation, and real-time threat detection. The focus is on ensuring that as infrastructure becomes more powerful and dense, it also becomes more controlled, observable, and resilient against emerging threat vectors.
CIO&Leaders: Is CtrlS currently deploying “AI-to-fight-AI”? Specifically, how are you using machine learning to detect anomalous patterns in data traffic or power consumption that might signal a sophisticated, low-and-slow cyber-attack?
Anil Nama: Yes, AI is increasingly becoming a critical component of our cybersecurity strategy. At CtrlS, machine learning models are used to analyse large volumes of telemetry data across network traffic, system performance, and even power consumption patterns to detect anomalies in real time. This multi-layer visibility enables us to detect subtle anomalies that could suggest early-stage or evasive attack patterns.
This approach is unique because it can correlate signals across various infrastructure layers. For example, analysing deviations in power consumption or workload together with network patterns can enable the identification of subtle, low-and-slow attacks that may otherwise go unnoticed in traditional systems. By correlating behavioural patterns across infrastructure layers. AI-driven systems can then flag deviations, trigger automated responses such as traffic isolation, workload containment, and rapid remediation, significantly reducing response time and limiting potential impact.
As cyber threats become more sophisticated and AI-powered, leveraging AI for defence is essential to maintain speed, accuracy, and scale in threat detection and response.
CIO&Leaders: In a Rated-4 environment, we often talk about redundant power and cooling. However, how do you integrate physical security (biometrics, surveillance, access control) with cyber security (zero-trust network access) so they aren’t operating in silos?
Anil Nama: In modern datacentres, physical and cyber security can no longer operate in silos, they must function as a unified, intelligence-driven system. At CtrlS, we follow a converged security model where physical access controls, surveillance systems, and biometric authentication are tightly integrated with cyber security frameworks such as zero-trust access and continuous monitoring.
This integration is enabled by a multi-layered, zonal security architecture aligned with our Rated-4 design, which connects each physical access point to a digital identity and system-level activity. For instance, physical access events are correlated with system-level activity in real time across user authentication, workload access, and network behaviour, enabling us to detect anomalies such as mismatches between physical presence and system activity. Multi-layered security zones, 24/7 security operations centres, and integrated monitoring platforms ensure complete visibility across both physical and digital environments. This unified approach strengthens overall resilience by enabling faster detection, coordinated response, and comprehensive risk management across the entire datacentre ecosystem.
CIO&Leaders: With global geopolitical tensions, the provenance of hardware from chips to cooling units, is under scrutiny. How does CtrlS ensure the integrity of its hardware supply chain to prevent hardware-level backdoors in the data centre?
Anil Nama: Ensuring hardware integrity has become a critical priority in today’s geopolitical environment. At CtrlS, we address this through a stringent vendor selection process, sourcing from trusted global OEMs and certified suppliers with proven track records.
We implement rigorous validation, testing, and auditing mechanisms across the supply chain to verify hardware authenticity and performance before deployment. Additionally, secure procurement practices, lifecycle management, and controlled access to critical infrastructure components help mitigate risks associated with hardware-level vulnerabilities. The focus is on building a transparent, traceable, and secure supply chain that minimises exposure to potential backdoors or compromised components.
CIO&Leaders: Many enterprises assume that moving to a Tier-4/Rated-4 data centre absolves them of certain security burdens. Where do you see the most common security gaps in the hand-off between the data centre operator and the enterprise tenant?
Anil Nama: One of the most common misconceptions is that moving to a Rated-4 datacentre transfers full security responsibility to the provider. Security is a shared responsibility. While CtrlS ensures infrastructure-level security, resilience, and compliance, enterprises remain responsible for securing their applications, data, and access controls.
“One of the most common misconceptions is that moving to a Rated-4 datacentre transfers full security responsibility to the provider. Security is a shared responsibility. “
Key gaps often arise in areas such as identity management, misconfigurations, inadequate encryption, and a lack of visibility across hybrid environments. To address this, we work closely with customers to provide clear demarcation of responsibilities, best-practice guidance, and integrated security frameworks, supported by continuous monitoring and managed services. Bridging this gap requires collaboration, continuous monitoring, and alignment between infrastructure and application-level security strategies.
CIO&Leaders: Looking toward 2027-2030, what is the one emerging threat that isn’t currently on the average CIO’s radar, but is keeping data centre operators like yourself awake at night?
Anil Nama: One emerging threat that needs greater attention is the rise of AI-driven, autonomous cyberattacks targeting infrastructure at scale. These attacks could be capable of adapting in real-time, exploiting vulnerabilities across interconnected systems, and operating at speeds beyond human response.
At the same time, risks around data integrity, such as model poisoning and manipulation of training datasets, could have far-reaching consequences, especially as AI becomes embedded in critical decision-making systems. In highly interconnected datacentre environments, such threats could also cause cascading effects throughout compute, network, and infrastructure layers.
For datacentre operators, this means preparing for a future where threats are not only more sophisticated but also more systemic. Building intelligent, adaptive, and self-healing infrastructure will be key to staying ahead of this evolving risk landscape.