In the context of war, cyberspace has become a full-fledged battlefield. Massive attacks on government systems, telecom operators, transportation services, and critical infrastructure prove that the target today is not just information, but also the ability of the state and businesses to function.

Cloud platforms, data centers, and infrastructure providers are under constant pressure and must adapt to new types of threats that go far beyond traditional attack scenarios. Increasingly, the goal of an attack is not just to steal or encrypt data – but to completely destroy it.

“In this article, I want to share five technical solutions we’ve implemented at the PARKOVYI Data Center that have already become our new security standard – and can help others strengthen the cyber resilience of their infrastructures.“ – Volodymyr Pokatilov, Director of the PARKOVYI Data Center.

 1. Letting Go of the “Secure Perimeter” Illusion

Today, VPNs and firewalls no longer guarantee adequate protection. It is crucial to rethink security architecture and segment networks so that even internal access via VPN is treated as external—with full levels of control and restrictions. Each segment must have its own level of isolation and monitoring.

 2. Two-Factor Authentication is a Must

Implementing multi-factor authentication (MFA) must become mandatory for all clients and partners regardless of size or status. The same applies to internal operations: every account must undergo verification, auditing, and be granted a limited level of access.

3. PAM System: Real-Time Privileged Access Control

Privileged Access Management (PAM) helps prevent human error and ensures real-time control over accounts with elevated privileges. Administrators are granted only the rights necessary for specific tasks. The system automatically rotates passwords and keys several times a day and monitors users with elevated access. This applies to both IT systems and network equipment.

 4. WAF Instead of Wishful Thinking: L7 Protection is a Must

Network security can no longer be limited to Layer 2. To protect web applications and critical services, implementing a Web Application Firewall (WAF) is essential. It effectively defends against targeted attacks on specific applications, APIs, or admin panels.

5. Backups That Can’t Be Deleted: Retention Lock Backup

Data destruction often starts with an attack on backups. We recently launched a ready-to-use Retention Lock Backup service – a solution that prevents full deletion of backups for a predefined period.

Built on Dell EMC DataDomain and integrated with Veeam Backup & Replication 12.1, this service enables:

• Setting a time point after which backup data cannot be modified or deleted even by an administrator;
• Full control over data retention in repositories;
• Automatic replication of data to other sites;
• Fast recovery of systems after incidents;
• Protection against modern cyberattacks and compliance with regulatory requirements.

This tool is a key part of our strategic response to new attack types and allows clients to retain control even in the event of serious system compromise.

Why Does This Matter?

The European Union Agency for Cybersecurity (ENISA) emphasizes the central role of data centers in the digital critical infrastructure ecosystem. The updated NIS2 Directive introduces new requirements for operators covering both technical and organizational measures. The goal is to make the EU’s digital infrastructure more resilient to attacks and reduce risks to the economy and society.

Ukrainian data centers have already faced these challenges since the beginning of the full-scale invasion. Ukrainian businesses and critical infrastructure now have access to secure and resilient infrastructure and cloud solutions in data centers that continue to operate despite constant air raid alarms, power outages, physical threats, and ongoing cyberattacks.

That’s why we are sharing our approach because we believe that the strength of the ecosystem is not defined by isolated efforts, but by mutual support, transparency, and shared responsibility.