In today’s digital economy, data centers are the backbone of worldwide commerce and critical infrastructure. For myriad organizations, they process critical data, power cloud services, and enable applications that millions of users rely on daily.
However, beyond the rows of always-on servers that power so much of the modern world lies the operational technology (OT) layer, which is no less critical. These systems are responsible for maintaining the physical infrastructure that supports the digital functions of data centers. More importantly, the OT layer consists of various building management systems (BMS) that control and monitor the data center’s HVAC, power management, distribution and backup systems, fire detection and suppression systems, and more.
Once isolated from exposure to cyber risks, BMS are increasingly being connected to enterprise networks. While this offers many business advantages, it also significantly expands the attack surface that threat actors can exploit. If a data center suffers a security breach, the consequences can range from reputational damage and financial losses to operational downtime and prolonged service outages.
Data centers are high-uptime environments with incredibly high, and growing, demands for power and cooling. Depending on a few factors, a typical enterprise data center can consume megawatts of electricity per day and requires very specific environmental controls to function reliably. And unlike IT assets, an OT environment is typically designed with operational efficiency in mind first, rather than cybersecurity. Because of this, it’s common for OT systems to run on legacy software and platforms that often cannot be taken offline and have not been patched for long periods of time.
At the heart of these OT systems are the BMS that keep the physical operations of a data center running. Given the sensitive nature of what they support in this scenario, a digital threat can have physical consequences. For example, in June 2025, US data center provider Digital Realty was hit by a cyberattack that was likely part of ongoing activity from the threat group known as Salt Typhoon. This wasn’t a one-off attack, either—groups like Salt Typhoon and Cyber Av3ngers specialize in cyber espionage and often conduct targeted campaigns against high-value targets such as Digital Realty. While the damage caused by this attack wasn’t immediately clear, it’s believed that the attackers used unpatched vulnerabilities and credential theft as an entry point.
Perhaps even more alarming is how many organizations are simply unprepared to deal with the threat landscape faced by BMS in the age of IT/OT digital transformation. Recent Team82 research confirmed that 75% of organizations in an analyzed dataset have BMS devices affected by known exploitable vulnerabilities (KEVs). Many of these KEVs have been linked to known ransomware campaigns. The research also showed that many BMS connections to the internet are made insecurely, for example without the benefit of a secure access solution or a VPN.
Obviously, data centers are high-value targets for threat actors. Given the unique challenges and expanding threat landscape, defending data center OT requires a specialized approach that bridges the gap between cybersecurity and BMS protection.
Here are five best practices to use when securing data center OT:
If you can’t see it on your network, you can’t protect it. Not only is it critical to get a comprehensive asset inventory of all assets that a BMS would manage within your OT environment, such as HVAC, elevators, cooling systems, etc., but it’s just as important to include all related components, connections, and dependencies.
Attackers able to gain unauthorized access to one part of an enterprise network can often move laterally through other parts of it, potentially causing even more havoc. By segmenting the network into isolated zones, you can limit the damage and allow more time for remediation and removal of the threat. For a data center, an effective way to do this would be segmenting the BMS network from the IT network. This would allow for quick isolation if either became suddenly compromised, enabling a faster response.
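One way to check that BMS/IT segmentation actually holds is to audit flow records against a zone map, as in this added example (not from the original article or any Claroty product). The zone CIDRs, the single allowed conduit, and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): replace with your own BMS and IT ranges.
ZONES = {
    "bms": [ipaddress.ip_network("10.50.0.0/16")],
    "it": [ipaddress.ip_network("10.10.0.0/16")],
}

# Assumed policy: the only sanctioned cross-zone path is IT -> a hypothetical
# hardened BMS gateway on TCP 443. Everything else crossing the boundary is a finding.
ALLOWED_CONDUITS = {("it", "10.50.0.10", 443)}

# Constructed flow records: src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
10.10.4.21,10.50.0.10,443
10.10.4.21,10.50.3.77,47808
10.50.3.77,10.50.3.80,47808
10.50.2.14,198.51.100.9,443
10.10.7.5,10.10.7.9,445
10.50.3.77,10.10.4.21,3389
"""

def zone_of(ip):
    """Map an address to its zone name, or 'external' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"

def audit(flows_csv):
    """Return flows that cross the BMS boundary outside an allowed conduit."""
    findings = []
    for line in flows_csv.strip().splitlines():
        src, dst, port = line.split(",")
        port = int(port)
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is out of scope for this check
        if (src_zone, dst, port) in ALLOWED_CONDUITS:
            continue  # sanctioned path through the gateway
        if "bms" in (src_zone, dst_zone):
            findings.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return findings

if __name__ == "__main__":
    for src, dst, port, direction in audit(SAMPLE_FLOWS):
        print(f"segmentation violation {direction}: {src} -> {dst}:{port}")
```
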
Third-party access to enterprise networks is an increasingly complex issue. It’s convenient for remote contractors, vendors, and others, but it’s also one of the top threat vectors used by attackers. And because OT environments require their own specific means of defense, typical IT security methods like firewalls and jump servers aren’t enough. A secure access solution for OT should include least-privilege access, multi-factor authentication (MFA), and offer comprehensive reporting and monitoring capabilities.
Implementing a robust OT threat detection strategy is important, but that strategy must also prioritize a proactive approach. Identifying anomalies before they materialize into threats, contextualizing alerts for OT environments, and real-time monitoring are all must-haves.
Simply having a list of vulnerabilities isn’t enough to protect every device. The way to tailor an exposure management strategy to an OT environment is to know which devices would pose the biggest risk to the business if they were compromised, and to prioritize protection for the most critical.
As the lines between IT and OT continue to blur, the most resilient data centers implement comprehensive protection that applies to both physical and digital environments. This protection must include robust threat detection and response, network segmentation, exposure management, asset inventory, and secure remote access. Moreover, the solution should include protection for BMS devices that keep an OT environment protected in a data center.
With the Claroty Platform, organizations get several benefits in one solution, including secure remote access to protect third-party access, industry-leading asset discovery to identify all devices within a vast and complicated enterprise network, threat detection to catch anomalies before they become attacks, and much more.
Explore the Claroty Platform or schedule a demo with one of our experts to learn more about how Claroty can protect data centers.