Why Zero Trust Model Is Reshaping Data Centre Cybersecurity
As data centres grow in complexity, so do the threats they face.
Cybercriminals, often described as threat actors, now use more sophisticated methods to break into networks. With infrastructures no longer confined to a single location and instead stretching across cloud platforms, container systems and remote environments, traditional defences fall short.
The model gaining the most attention is zero trust – a cybersecurity framework built on the idea that no device or user should be trusted automatically, even if already inside the network perimeter.
Stuart Miller, Data Centre and Construction Lead for EMEA at OryxAlign, says the shift is overdue.
“Adopting a zero trust model is the number one trend in enterprise security practice, as 60% of businesses anticipate a cyber breach in 2025,” says Stuart.
Traditional defences are no longer enough
Perimeter-based security, once the standard approach, now struggles to contain modern cyber threats. The assumption that everything inside the network is trustworthy no longer holds, says Stuart.
“Once they're inside, they move around easily, taking advantage of the same trust-based systems meant to keep operations smooth,” he explains. “That built-in trust has become a serious weakness.”
According to Stuart, the situation is made worse by increased cloud use and widespread remote work, which create new points of vulnerability. Data centres today often connect to multiple platforms and rely on third-party access – providing more opportunities for attackers to exploit weak spots.
Zero trust responds to this by introducing continuous validation of users, devices and requests. Every connection, regardless of origin, must be authenticated. It involves identity verification, device status checks and behavioural analysis. These checks determine access rights dynamically, based on the context of each request.
“In short, trust becomes a dynamic, verifiable state, not a permanent status,” Stuart explains.
Adapting to hybrid and distributed environments
Modern data centres rarely operate in isolation. They form part of larger networks including public cloud systems, edge computing, container platforms and user devices scattered across different locations. This means traditional, centralised security systems can’t apply consistent access controls.
“Nor can it maintain consistency in access control,” says Stuart. “Zero trust provides a framework for maintaining unified policy enforcement regardless of resource or user location.”
Zero trust treats identity and context – not location – as the basis for granting access. This approach allows organisations to maintain protection even as their infrastructure shifts or expands. Whether workloads move across platforms or new endpoints join the network, policies stay intact.
“It also makes it easier to meet new regulatory standards, which now expect constant monitoring and clear policies at every level of the infrastructure,” adds Stuart.
Inside the network: micro-segmentation and visibility
The real strength of zero trust lies in its visibility. It relies on techniques such as micro-segmentation – where the network is broken down into small, isolated zones, each with specific access rules. If attackers get into one segment, they cannot move freely.
“In a flat network, once someone gets in, they can often slip between systems unnoticed,” Stuart explains. “Micro-segmentation prevents that by applying strict, context-aware rules at the workload level, so even internal traffic gets checked.”
These internal data flows – often called east-west traffic – typically go unmonitored by traditional security tools. In a zero trust system, this internal traffic is inspected in real time using enforcement points embedded at various levels, such as in the network infrastructure or hypervisor (the software that runs and manages virtual machines).
This not only helps block intrusions, but also improves threat detection and investigation after an incident. When combined with identity-aware networks and automated policy tools, micro-segmentation becomes more responsive and scalable.
“The result is not only improved threat containment but also better monitoring, anomaly detection and forensic capability,” says Stuart.
As public awareness of data centre operations increases and demands on infrastructure rise – especially due to AI and large-scale digital services – cybersecurity models must adapt accordingly.
“Zero trust redefines security as a continuous process of validation. It enforces identity-driven access, inspects traffic at all layers and treats every request, even from within as potentially hostile,” summarises Stuart.
“For data centres, this means greater control, enhanced visibility and resilience that can scale with complexity.
“The question facing IT leaders is no longer whether to move toward zero trust, but how soon they can afford to make the transition.”
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
