Traditional perimeters are crumbling, so can a zero-trust model stop attackers in their tracks? Stuart Miller, Data Centre and Construction Lead for EMEA at OryxAlign, believes it must.
Traditional perimeter security is no longer enough to protect today’s data centres. As infrastructure becomes more distributed and attackers more advanced, relying on internal trust leaves critical systems exposed. With data centres now frequent targets of lateral movement and credential-based threats, zero trust has become a necessary evolution.
Adopting a zero trust model is the number one trend in enterprise security practice, with 60% of businesses anticipating a cyber breach in 2025. According to BeyondTrust, only 24% of companies have their zero trust solution fully deployed, while around 76% are still implementing a zero trust approach, driven by increased cloud utilisation and remote working.
The limits of traditional trust
For years, data centres followed a straightforward rule: build a strong perimeter, and everything inside is safe. Firewalls, VPNs and network segmentation acted as the outer defences, while internal traffic flowed freely under the belief that the real threats were only outside.
But that mindset no longer holds up. Today’s attackers often slip in through internal gaps, like stolen credentials or insecure third-party connections. Once they’re inside, they move around easily, taking advantage of the same trust-based systems meant to keep operations smooth. That built-in trust has become a serious weakness.
The zero-trust model inverts this logic. It is built on the principle that no user, device, workload or system should be trusted by default, not even those within the traditional perimeter. Instead, access must be continuously validated using context-aware mechanisms that include identity verification, device posture assessment, behavioural analysis and adherence to granular policies. In short, trust becomes a dynamic, verifiable state, not a permanent status.
Adapting to hybrid complexity
The need for zero trust becomes even more apparent when we consider the architecture of modern data centres. Few are standalone facilities anymore. Most are integrated into a broader ecosystem that spans public and private clouds, edge computing, container orchestration platforms and remote users.
This complexity erodes the concept of a fixed network perimeter. A traditional approach cannot scale across such diverse environments, nor can it maintain consistency in access control. Zero trust provides a framework for maintaining unified policy enforcement regardless of resource or user location.
This approach shifts the focus from location to identity and context when granting access. It keeps data centres secure even as workloads move across platforms or new endpoints are added. It also makes it easier to meet new regulatory standards, which now expect constant monitoring and clear policies at every level of the infrastructure.
Visibility and segmentation
To be effective, zero trust requires visibility. Micro-segmentation helps make that possible by breaking the network into tightly controlled zones, each with its own access rules. If an attacker breaks into one area, they’re stopped from moving freely through the rest.
In a flat network, once someone gets in, they can often slip between systems unnoticed. Micro-segmentation prevents that by applying strict, context-aware rules at the workload level, so even internal traffic gets checked.
Crucially, this requires full visibility into east-west traffic: the internal communications that traditional perimeter defences typically ignore. Zero-trust environments use micro-segmentation to inspect and control these flows in real time, using enforcement points embedded in the network fabric or hypervisor. The result is not only improved threat containment but also better monitoring, anomaly detection and forensic capability.
When paired with identity-aware networking and automated policy tools, micro-segmentation becomes much more flexible. Policies can adjust in real time based on how users behave, the latest threat intelligence or the state of a workload. For instance, if a system suddenly tries to contact an unusual destination or access a restricted area, the network can automatically step in, limiting or cutting off access without anyone needing to intervene.
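To make the workload-level checks described above concrete, here is an added example (not code from the article or from OryxAlign) of a minimal policy decision point for east-west flows: each flow is evaluated on workload identity, posture and segment policy, and a source that contacts a destination outside its learned baseline is quarantined automatically. All workload names, segments and flows are constructed for illustration.

```python
# Added example (not from the article): a minimal zero-trust policy decision
# point for east-west flows. Each flow is checked against workload identity,
# posture and segment policy; an unusual destination quarantines the source
# automatically. All names and flows are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass
class Workload:
    segment: str                  # micro-segment the workload lives in
    posture_ok: bool              # result of the posture assessment
    baseline_peers: Set[str] = field(default_factory=set)  # learned normal peers

Flow = Tuple[str, str, int]       # (source identity, destination identity, port)

# Segment-level policy: (source segment, destination segment, port) triples
# that may communicate. Anything not listed is denied by default.
ALLOWED = {("web", "app", 8443), ("app", "db", 5432)}

def evaluate(flow: Flow, inv: Dict[str, Workload], quarantined: Set[str]) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow: allow, deny or quarantine."""
    src_id, dst_id, port = flow
    src, dst = inv.get(src_id), inv.get(dst_id)
    if src is None or dst is None:
        return "deny", "unknown identity"            # no identity, no trust
    if src_id in quarantined:
        return "deny", "source quarantined"
    if not src.posture_ok:
        return "deny", "posture check failed"
    if (src.segment, dst.segment, port) not in ALLOWED:
        return "deny", "no segment policy"
    if dst_id not in src.baseline_peers:
        return "quarantine", "unusual destination"   # policy allows it, behaviour does not
    return "allow", "policy and baseline match"

def enforce(flows: List[Flow], inv: Dict[str, Workload]) -> List[Tuple[str, str, str]]:
    """Process flows in order; a source is contained as soon as it behaves oddly."""
    quarantined: Set[str] = set()
    decisions = []
    for src_id, dst_id, port in flows:
        verdict, reason = evaluate((src_id, dst_id, port), inv, quarantined)
        if verdict == "quarantine":
            quarantined.add(src_id)                   # automatic containment
        decisions.append((src_id, verdict, reason))
    return decisions

# Constructed inventory: web tier, two app nodes (one with failed posture), two databases.
INVENTORY = {"web-1": Workload("web", True, {"app-1"}), "app-1": Workload("app", True, {"db-1"}),
             "app-2": Workload("app", False, {"db-1"}), "db-1": Workload("db", True), "db-2": Workload("db", True)}
SAMPLE_FLOWS = [("web-1", "app-1", 8443), ("web-1", "db-1", 5432), ("app-2", "db-1", 5432),
                ("app-1", "db-2", 5432), ("app-1", "db-1", 5432)]
```

Running `enforce(SAMPLE_FLOWS, INVENTORY)` allows the first flow, denies the web-to-database and failed-posture flows, quarantines app-1 when it reaches an unfamiliar database, and then denies app-1's otherwise legitimate traffic because containment has already kicked in.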
Securing the modern data centre is no longer a matter of hardening the edges, because in most cases, the edges no longer exist. Infrastructure now operates in a fluid state, shaped by virtualisation, mobility and interconnected services that blur the lines between internal and external. In this environment, implicit trust is a risk surface.
Zero trust redefines security as a continuous process of validation. It enforces identity-driven access, inspects traffic at all layers and treats every request, even one from within, as potentially hostile. For data centres, this means greater control, enhanced visibility and resilience that can scale with complexity. The question facing IT leaders is no longer whether to move toward zero trust, but how soon they can afford to make the transition.