At first glance, colocation facilities may seem to offer little in the way of security that other types of infrastructure – namely, on-premises servers and public clouds – don’t also provide. After all, most major cyberattacks today involve software-based attack vectors that work equally well regardless of which type of facility a workload is hosted in, or where the facility is located.
Yet it would be a mistake to think of colocation as being exactly as secure – no more, and no less – as other types of infrastructure options. On the security front, colocation offers both advantages and disadvantages, as this article explains.
The Security Advantages of Colocation
Colocation offers several benefits from a security perspective.
Probably the biggest security advantage of colocation facilities, especially as compared with on-premises infrastructure, is physical security, meaning control over physical access to the facilities where servers are hosted.
Of course, most modern security threats – like ransomware and DDoS attacks – don’t rely on physical access. There are, however, threats such as bombing plots, which, although rarer, can be even more destructive.
Public cloud data centers typically also provide very strong physical security guarantees. But you can’t say the same about on-premises infrastructure.
Colocation providers offer power backups, as well as network redundancy options. Some also provide managed data backup services for workloads hosted in their facilities.
While these solutions aren’t security protections per se, they help businesses build infrastructure that is resilient in the face of security events and other types of disruptions.
Cloud providers may offer high availability guarantees, but they still sometimes go down. They also don’t offer resources like managed backup. As for on-prem, you’re on your own for achieving resiliency.
Colocation companies that offer managed services in addition to data center real estate can provide security benefits by helping customers plan and manage secure infrastructure. Here again, you typically can’t find these services in the public cloud, and certainly not on-prem.
Finally, perhaps the least-appreciated, but most important, security benefit of colocation is the ability to define highly complex – and, if desired, highly private – networking configurations. Using interconnection services, you can securely connect workloads in one colocation facility with another data center, a public cloud or on-premises infrastructure.
The Security Drawbacks of Colocation
While colocation makes security stronger in many ways, it comes with some drawbacks.
One is that colocation providers don’t usually offer self-service security tools that customers can use to monitor the security of their workloads. They may offer managed services, as noted above, but nothing like AWS Security Hub or Microsoft’s Azure Security Center.
Colocation customers can, of course, deploy any number of security monitoring and management tools within their environments. But the tools aren’t built into the infrastructure platform in the way that they are with public cloud.
Arguably, public clouds also offer the security benefit of offloading more security responsibilities from customers. Colocation providers, too, handle some aspects of security, like physical access. But they don’t usually manage software security patches or secure the bare-metal servers used to host VMs, for example – tasks that typically fall to cloud providers if you use managed services in a public cloud.
Finally, the fact that you can’t mirror workloads across colocation facilities as easily as you can with a multi-zone or multi-region public cloud architecture could be considered a security drawback for colocation. It reduces resiliency and makes workloads more susceptible to certain types of attacks, like DDoS.
Ultimately, the security differences between colocation and other approaches to infrastructure deployment are not enormous. But they are significant, especially for workloads that require highly secure network connections or for businesses that want hosting providers to help manage the security of their workloads as well as provide the data center space to run them.