It was a project that attracted plenty of attention, but many people likely still haven’t heard of: one of the world’s biggest tech companies placing a data centre on the ocean floor.  

As COVID dominated media headlines, Microsoft in September 2020 revealed its research arm had retrieved a data centre encased inside a sealed tube the size of a shipping container deployed 117 feet below the surface off Scotland’s Orkney Islands two years earlier. 

And the results were good.  

Not only did the servers experience less corrosion from the sealed environment with no oxygen and fewer temperature fluctuations, but reliability was better and they can theoretically be rolled out quicker around the world than land-based data centres requiring concrete and buildings. 

Reflecting on so-called Project Natick at a recent Westpac technology event, Microsoft Azure’s chief technology officer Mark Russinovich said it also helped progress Azure’s shift to “liquid cooling”, a complex but more sustainable process than air cooling its data centre servers. 

“It’s extremely promising. We actually estimate that in a three to five-year timeline, we will be having all of our data centres liquid cooled,” he told Westpac’s internal “TECHx21” event last month during a discussion with the bank’s chief technology officer David Walker

Along with rising digitisation across the economy, “ESG”, or environmental, social and governance, has been one of the biggest corporate developments in the past decade. While technological advances are often seen as solutions, some developments can also pose challenges, for example cryptocurrencies, which have been criticised for the amount of energy required to “mine” them at the same time as being lauded for exposing the benefits of the blockchain. 

Westpac’s Mr Walker said that with “compute loads going through the roof” and exponential growth in data as the world increasingly digitises, finding ways to neutralise the environmental impact was a big issue for the world and the bank was committed to supporting the clean energy transition and had several initiatives in train.

Likewise, Microsoft has a range of sustainability targets, including aiming to be “carbon negative” by 2030 and, eventually, for all historical emissions since its founding by Bill Gates and Paul Allen in 1975. Azure, the group’s cloud business launched in 2010, also aims to be powered entirely by renewable energy by 2025 and ultimately replenish more water than it consumes from data centres.

Amid heightened focus on climate change in the wake of the Glasgow COP26 conference, Mr Russinovich said there was an overall energy efficiency benefit of more organisations shifting to the cloud from physical “colos”, or co-location data centres. 

“Fundamentally what it boils down to is how energy efficient your data centres are,” Mr Russinovich said. 

“Our data centres today have PUEs (power usage effectiveness) somewhere in the neighbourhood of 1.1 to 1.15 averaged across the whole fleet and the average IT colo is around the 1.8.  

“So, this is another benefit of going to the cloud – you’re going to be much more energy efficient than probably you are with your own on-premises colos.” 

In the wake of several high-profile recent cyber attacks, Mr Russinovich also warned that organisations can no longer “hide in the masses” hoping hackers and other online bad actors go after more lucrative targets. 
 

Mr Russinovich speaking at an event in Ireland in 2015. (Getty)

He said while the tech giant would always be a big target, it was also incredibly resourced and secure, pointing to the pledge this year to spend an additional $US20 billion over the next five years on cyber security and its 3500 staff focused just on protecting its infrastructure and services. A Deloitte survey in 2020 of more than 500 IT leaders and executives found security and data protection was the top driver in shifting to the cloud, which had become the “primary location” to store data. 

However, some companies continue to use “hybrid” models involving cloud and other options.  

“In the early days, I’d talk to customers and they’d say ‘well so you’re spending more on cyber security but you’re also a big target, we’re not as big of a target’,” Mr Russinovich said. 

“And actually, I think that kind of thinking is extremely risky because everybody is a target. In fact, the attackers go after the weakest link. Yes, Azure is a bigger target, but Azure is also much more strongly protected. 

“If they have a choice of spend a little effort, go after somebody that’s not well protected or spend a lot of effort and go after someone that is, even if there’s more reward potentially, they’re probably going to go after the lots of less protected. 

“So, I think hiding in the masses doesn’t work anymore, as we’ve seen from ransomware attacks over the last couple of years. Everybody becomes a victim.”

Tech giants, big business, governments and regulators are ramping up their investment and focus on cyber security following several notable data breaches and cyberattacks in recent years, including twitter, Colonial Pipeline, Facebook, JBS, Toll Group and the Australian Securities and Investments Commission. 

Microsoft itself has also suffered breaches, while the Reserve Bank of Australia recently said the number of cyber attacks on financial institutions “continues to trend higher”, and despite the major players having significant resources and among the best defences, breaches couldn’t be ruled out. 

Mr Russinovich, Azure’s CTO since 2014, said “defending” customers’ data had always been key to its mission and instilling trust among customers and building “resilience” into its platform was a never-ending focus, including testing for black swan events. 

He added financial regulators had been supportive of Azure’s security over the years and of banks migrating to the cloud. 

“I think the bottom line is with the way the cloud has matured, the operational controls we’ve got in place, that we’re at least as secure as the best, most secure infrastructures in any industry, including financial services,” he said. 

“In fact, the financial sector and banks have pushed us in a very healthy way to actually be more secure with the controls we provide on top of the platform.”

Mr Walker backed the sentiments, noting the idea that “everything fails, all the time” was a core engineering principle, and had to be designed and constantly tested for to ensure ongoing resilience.

Richard Johnson, our chief information security officer, is one of the most forward-thinking CISOs I’ve ever had the pleasure of working with. He’s always articulated the view that cloud done well, in terms of security, could probably be more secure than on-premise, and our on-premise tech is quite secure,” he said. 

“So certainly we believe that going to the cloud can be a security-improvement story.” 

Noting Westpac’s four technology principles of “digital to the core, automate everything, built for change and evergreen technology”, Mr Walker also asked Mr Russinovich about how Azure’s other clients have rearchitected and migrated to the cloud. 

Mr Russinovich said leadership was key and recommended ambitious targets to more quickly shift to the cloud, removing the complexity of straddling the use of on-premises data centres at the same time. He said the standard migration “playbook” from clients was to assess their applications and figure out which ones to retire or switch to software as a service, then “lift and shift” and potentially modernise apps along the way. 

“It has to be a top-down mandate that supports this,” he said.

“I’ve seen companies try it from bottom up, but unless you have the support of leadership, changing the culture and changing the priorities of the entire company, you will run into excuses in support of ‘let’s keep things safe, and let’s keep things the way they are, let’s take our time and evaluate this’.  

“With some urgency and aggressive deadlines, it’s amazing how much the kind of concerns can be addressed in creative ways that were considered blockers otherwise.”