How Zero Trust Could Reshape the Future of Data Centres
As data centre infrastructure develops and becomes more distributed, threat actors – or cybercriminals – are simultaneously becoming more sophisticated.
Data centres have inevitably become higher targets for cybersecurity threats, leaving critical systems exposed to a possible breach. With this in mind, industry leaders have been calling for zero trust to be the next best step to data centre cybersecurity.
Zero trust refers to a security framework that assumes no user or device is trusted by default.
Stuart Miller, Data Centre and Construction Lead, EMEA at OryxAlign, argues that traditional perimeter security is no longer enough to protect data centres. He shares his thoughts on why zero trust is critical for modern data centre security and how organisations can implement it effectively.
“Adopting a zero trust model is the number one trend in enterprise security practice, as 60 per cent of businesses anticipate a cyber breach in 2025,” he explains.
“According to BeyondTrust, only 24% of companies have their zero trust solution fully deployed, while around 76% are still in the process of implementing a zero trust approach, as a result of increased cloud utilisation and remote workers.”
Confronting increasingly sophisticated cyber threats
Stuart argues that the traditional security approach a data centre follows – building a strong perimeter on the outside to protect the inside – “no longer holds up”.
He suggests that threat actors now often slip in through internal gaps within the data centre, including through stolen credentials or insecure third-party connections.
“Once they're inside, they move around easily, taking advantage of the same trust-based systems meant to keep operations smooth,” he says. “That built-in trust has become a serious weakness.”
A zero trust model is designed to continuously validate access and uses context-aware mechanisms that include identity verification, device posture assessment, behavioural analysis and adherence to granular policies.
“In short, trust becomes a dynamic, verifiable state, not a permanent status,” Stuart says. “The need for zero trust becomes even more apparent when we consider the architecture of modern data centres. Few are standalone facilities anymore. Most are integrated into a broader ecosystem that spans public and private clouds, edge computing, container orchestration platforms and remote users.”
With this in mind, it has been argued within the data centre industry that a more traditional approach to security is unable to scale across diverse environments.
“Nor can it maintain consistency in access control,” Stuart adds. “Zero trust provides a framework for maintaining unified policy enforcement regardless of resource or user location.
“This approach shifts the focus from location to identity and context when granting access. It keeps data centres secure even as workloads move across platforms or new endpoints are added.
“It also makes it easier to meet new regulatory standards, which now expect constant monitoring and clear policies at every level of the infrastructure.”
Redefining data centre cybersecurity
In order to be effective, Stuart explains that zero trust requires visibility.
A clear example that he gives is micro-segmentation, a network security method that isolates secure zones within a data centre or cloud environment. These zones each have their own access rules so that, if an attacker breaks into one area, they cannot access the rest.
“In a flat network, once someone gets in, they can often slip between systems unnoticed,” Stuart says. “Micro-segmentation prevents that by applying strict, context-aware rules at the workload level, so even internal traffic gets checked.
“Crucially, this requires full visibility into east-west traffic, internal communications that traditional perimeter defences typically ignore. Zero-trust environments leverage micro-segmentation to inspect and control these flows in real time, using enforcement points embedded in the network fabric or hypervisor.
Micro-segmentation is also able to be more flexible when paired with identity-aware networking and automated policy tools.
“The result is not only improved threat containment but also better monitoring, anomaly detection and forensic capability.”
As data centres enter further into public consciousness, keeping them safe becomes even more important. As infrastructure requirements and AI workloads continue to evolve, interconnected services will need more robust risk management.
“Zero trust redefines security as a continuous process of validation. It enforces identity-driven access, inspects traffic at all layers and treats every request, even from within as potentially hostile,” Stuart explains.
“For data centres, this means greater control, enhanced visibility and resilience that can scale with complexity.
“The question facing IT leaders is no longer whether to move toward zero trust, but how soon they can afford to make the transition.”
Explore the latest edition of Data Centre Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Data Centre LIVE.
Discover all our upcoming events and secure your tickets today.
Data Centre Magazine is a BizClik brand