Is ‘Zero Trust’ the Future of Data Centre Security?

As data centres grow and evolve, they become more and more complex. With a greater level of complexity comes a greater level of vulnerability, ready for cybercriminals to exploit.

The risk of breaches in cybersecurity are increased when AI technologies become involved, leaving data centres at high risk.

Industry leaders are looking to address these weaknesses head on, though. Many are advocating for the implementation of ‘zero trust’ measures, which regard no user or device as trusted by default within a network.

Stuart Miller, EMEA Data Centre and Construction Lead at OryxAlign, argues that traditional perimeter security is inadequate in modern cybersecurity.

“Adopting a zero trust model is the number one trend in enterprise security practice, as 60% of businesses anticipate a cyber breach in 2025,” he explains.

“According to BeyondTrust, only 24% of companies have their zero trust solution fully deployed, while around 76% are still in the process of implementing a zero trust approach, as a result of increased cloud utilisation and remote workers.”

A new age of cyberthreats

According to Stuart, traditional notions of how data centres should be secured are now completely outdated notion. He says, for instance, that the idea of fortifying the outer perimeter to shield the inner workings of a data centre “no longer holds up”.

Cyber threats now frequently exploit internal weaknesses, whether through compromised credentials or unsafe third-party connections.

“Once they're inside, they move around easily, taking advantage of the same trust-based systems meant to keep operations smooth,” Stuart says.

“That built-in trust has become a serious weakness.”

A zero trust model, conversely, addresses this vulnerability by continuously validating access using context-aware protocols that include identity verification, device assessment, behavioural analytics and strict adherence to detailed policies.

“In short, trust becomes a dynamic, verifiable state, not a permanent status,” Stuart reflects.

The problem is that modern data centres rarely operate as isolated entities.

Instead, they are often integrated within an expansive ecosystem incorporating public and private clouds, edge computing and container orchestration, meaning they need a security approach that can function seamlessly across diverse infrastructures.

“Nor can it maintain consistency in access control,” Stuart says. “Zero trust provides a framework for maintaining unified policy enforcement regardless of resource or user location."

The future of cybersecurity in the data centre sector

Stuart believes that a successful zero trust model hinges on visibility.

He thinks that micro-segmentation, a tactic that isolates secure zones within a data centre or cloud, is the best way of achieving this kind visibility.

In micro-segmented systems, each zone has specific access guidelines to prevent intruders from expanding their reach once inside.

“In a flat network, once someone gets in, they can often slip between systems unnoticed,” he explains. “Micro-segmentation prevents that by applying strict, context-aware rules at the workload level, so even internal traffic gets checked.”

East-west traffic, or internal communications, often overlooked by traditional defences, are a real focal point in zero-trust systems.

These systems employ micro-segmentation to monitor and manage these interactions in real-time, using network fabric or hypervisor-based enforcement points.

Paired with identity-aware networking and automated policy tools, micro-segmentation offers flexible security that also improves monitoring, anomaly detection and forensic analysis capabilities.

Looking ahead

As public awareness around data centre infrastructure grows, so too does the need for robust security measures, particularly with the rise of AI and complex workloads.

“Zero trust redefines security as a continuous process of validation,” says Stuart.

“It enforces identity-driven access, inspects traffic at all layers and treats every request, even from within, as potentially hostile.”

For data centres, embracing zero trust translates to enhanced control, visibility and resilience, enabling scalability in response to growing complexity.

The pressing question for IT leaders is not whether to transition to zero trust, but rather how swiftly they can embark on this journey to secure their data environment effectively.