* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Data Center](https://www.paloaltonetworks.com/blog/category/data-center-2/)
* Data Center Summit - Lear...

# Data Center Summit - Learnings from the Road

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F03%2Fdata-center-summit-learnings-from-the-road%2F)  
[](https://twitter.com/share?text=Data+Center+Summit+-+Learnings+from+the+Road&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F03%2Fdata-center-summit-learnings-from-the-road%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F03%2Fdata-center-summit-learnings-from-the-road%2F&title=Data+Center+Summit+-+Learnings+from+the+Road&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2012/03/data-center-summit-learnings-from-the-road/&ts=markdown)  
\[\](mailto:?subject=Data Center Summit - Learnings from the Road)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Mar 28, 2012  
5 minutes  
[Data Center](https://www.paloaltonetworks.com/blog/category/data-center-2/?ts=markdown)  
[data center](https://www.paloaltonetworks.com/blog/tag/data-center/?ts=markdown)  
[data center summit](https://www.paloaltonetworks.com/blog/tag/data-center-summit/?ts=markdown)  
[insider threats](https://www.paloaltonetworks.com/blog/tag/insider-threats/?ts=markdown)  
[threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown)  
[virtualization](https://www.paloaltonetworks.com/blog/tag/virtualization/?ts=markdown)

**Data Center Learnings from the Road**

I just got back from our London Data Center Summit. We've had multiple data center events now in the U.S. and kicked off the international leg in London last week. At these data center summits, we address the evolution of the data center, data center networking changes and challenges, and finally the implications from a security perspective. I thought it would be interesting to share some of the learnings from the road. What are the top of mind issues from our data center audience?

**Threats**

Many customers expressed concern not only about modern day attacks, but also insider threats. This is interesting. We spend a lot of time worrying about the uber hacker in some far-away nation attacking our **data centers** when the reality is a lot of threats are just as likely to come from the people sitting next to you at the office. Compliance folks think about this regularly.

[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2012/03/DCSummit2-blog2.jpg "DCSummit2-blog")](https://www.paloaltonetworks.com/events/data-center/?ts=markdown)

We know this is happening, it's all over the news. We have seen many examples of insider threats from disgruntled employees or employees who gained access to privileged confidential information they should not have been privy to. Bradley Manning, Phillip Cummings and Orazio Lembo all come to mind.

One interesting question at the Dallas event was how to control "compromised" internal users (like a home VPN user), a  
theoretically-trusted user, from using legitimate access (like RDP) to get to the data center.

The short answer is to treat insiders just as you would external users like partners and contractors. They should be evaluated appropriately from a security and risk analysis view. A home VPN user should not just have complete access to the data center, but only what he/she is allowed to by policy. The firewall should be integrated with the remote access VPN or placed behind it.

Granular access control can be at the firewall level (restrictive access control policies for a compromised user), or at the user repository level (creating a new high-risk group in Active Directory). Data filtering options like those on Palo Alto Network firewalls can ensure data is not flowing out of a segment of the data center. In addition, it is best practice to ensure management applications using RDP, Telnet or SSH are allowed only for a select number of users, like IT personnel. And finally, the best thing you can do to deal with insider threats is constant logging, monitoring and analysis for early discovery of suspicious insider activities.

**Scalability and Performance**

As expected, a number of questions arose around network security and how it would impact scalability and performance in the datacenter. For example, in a data center with thousands of virtual machines, and terabytes or petabyte of data, how do you address latency challenges?

Yes, the latency for a firewall is going to be non-zero. But not having security controls is no longer an option. Every device introduced in the data center, such as firewalls, routers or switches will have latency. But the impact is minimal. We have specifically designed the Palo Alto Networks' "single pass" software architecture to process a specific function only once, in one pass, so the latency is optimized. The multi-core hardware architecture was purpose-built to optimize performance, with dedicated hardware acceleration for intensive computation functions like decryption. The consideration of security versus performance ultimately becomes a policy decision for the organization, instead of a tradeoff.

In addition, if servers are grouped according to their risk and trust levels, then it is likely that inspection can be focused on traffic between different trust levels, optimizing the latency and performance of the firewall.

**Firewall Deployments in an Ethernet fabric data center**

We're happy to see a lot of interest in Ethernet fabrics. With server virtualization, traffic patterns are changing in the access layer towards an east-west model instead of north-south via aggregation and core layers. We fielded a number of questions around firewall deployment modes in an Ethernet Fabric environment. Should it be layer 1, layer 2 or layer 3?

[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2012/03/brewery2.jpg "DC Event")](https://www.paloaltonetworks.com/events/data-center/?ts=markdown)In a defense -in-depth approach, you can consider multiple firewalls in the data center, and the right mode should be chosen depending on the security needs - A high-performance firewall at layer 1 (virtual wire) is best positioned at the entry to the data center to filter against threats. Within the data center itself, i.e. for server segmentation, layer 3 mode is ideal for a segmentation firewall to inspect traffic in and out of a "virtual" or physical segment. A layer 2 deployment should be used if you need to filter traffic between different servers in the same VLAN. **This guidance is true in an Ethernet Fabric environment as well**.

A move towards flat networks like Ethernet Fabric does not mean your security options become limited. Flat networks and virtualized networks should still be segmented for security reasons. John Kindervag of Forrester Research in his Zero Trust Model states emphatically that segmentation is key for security and compliance. This means segmentation via next-generation firewalls, NOT VLANs and switch ACLs.

I hope this was useful. We'll continue to share learnings from the road in the next data center blog. For those who won't be able to attend our **[Data Center events](https://www.paloaltonetworks.com/events/data-center/?ts=markdown "Palo Alto Data Center Summit")** in person, we have **[webinars](https://www.paloaltonetworks.com/events/data-center/webinar-series.php?TS=SocialMedia&ts=markdown)** and archives of webinars available that you can view.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/category/cloud-network-security/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Guest Post](https://www.paloaltonetworks.com/blog/category/guest-post/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Untangling Hybrid Cloud Security](https://www.paloaltonetworks.com/blog/2025/12/untangling-hybrid-cloud-security/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XDR is the Only Endpoint Security Market Leader to Achieve 99% in Both Threat Prevention and Response in AVC EPR](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Always Innovating: User Experience, Threat Coverage and Management](https://www.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/)

### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [IAM](https://www.paloaltonetworks.com/blog/cloud-security/category/iam/?ts=markdown)

[#### Prevent Lateral Movement With Prisma Cloud](https://www.paloaltonetworks.com/blog/cloud-security/prevent-lateral-movement/)

### [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/platform/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Addressing Critical Violations From Login to Reporting With Prisma Cloud](https://www.paloaltonetworks.com/blog/cloud-security/cloud-security-user-interface/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### New: More Cloud NGFW Scalability Across Multiple AWS VPCs](https://www.paloaltonetworks.com/blog/network-security/cloud-ngfw-across-multiple-aws-vpcs/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language