The number of OT (Operational Technology) devices in modern data centers (DC) are rising quickly, alongside soaring complexity in security and management practices. Factors such as IT/OT convergence, cloud expansion, and IoT integration are transforming traditional data center facilities into intricate ecosystems with new risks and requirements.

OT Devices Growth and drivers in DCs

OT devices like Building Management Systems (BMS), Power Distribution Units (PDU), and Environmental Controls (EC) are increasingly deployed to monitor, automate, and protect data center infrastructure. The latest GPUs require very efficient cooling due to its high-power consumption. Hence liquid cooling systems with related OT equipment such as pumps, flow controllers, heat extinguishers and various sensors play vital role in operations, maintenance also security of data centers along with IT equipment such as servers, AI systems, network switches etc. The integration of IT and OT for better management, operations and security of Data Centers is very important and critical.

Billions of IoT and OT devices in smart data centers are generating unprecedented data volumes: expected to be 79.4 zettabytes by 2025, with a compound annual growth rate of 28.7%.

These devices automate critical functions like power distribution, cooling, environmental monitoring, facilities management, surveillance, and access control.

AI and machine learning further increase the proliferation of specialized hardware (high-density GPUs, advanced PLCs), intensifying the need for real-time analytics, predictive maintenance, and continuous automation

Integration with IT and the expansion of IoT means more sensors, controllers, and networked endpoints are active, pushing up both device volume and data flows. The demand for real-time monitoring, predictive analytics, and automated incident response is further fueling OT device growth.

 

Complexity in Security

Legacy OT platforms, often running outdated systems or proprietary protocols, struggle to keep pace with modern cyber threats, making patching and securing these systems complex.

OT devices are fundamentally reshaping data center security strategies by expanding the attack surface, requiring integration of both cyber and physical defenses, and driving the need for advanced monitoring and real-time threat response. IT/OT integration exposes both to shared attack surfaces; threats now range from malware to ransomware and sophisticated supply chain attacks targeting connected OT assets. Though IT devices are relatively better secured the attacks on IoT and OT devices can potentially bring down the data center.

Many new OT and IoT devices lack proper security controls out of the box, becoming entry points for hackers, leading to operational disruption and compromised data. Compliance, incident response, and disaster recovery all become more challenging and complex as environments now integrate massive numbers of sensors, controllers, and smart systems, making holistic risk management and operational oversight more challenging than ever.

 

Expanded Attack Surface

• The integration of OT devices—like surveillance cameras, sensors, BMS, PDUs, liquid cooling racks and environmental controls—into IT networks means every connected endpoint represents a possible vulnerability, making traditional air-gapped approaches obsolete.
• Increasing deployment density, especially for AI-driven hardware (moving from less than 10 kW per rack to up to 250 kW), requires advanced cyber and physical protection for every cooling, power, and control element.[2][4]
• Attackers now target the intersection of IT and OT systems, often infiltrating less secure IT environments first, then moving laterally into critical OT infrastructure to disrupt operations.

Security Risks due to increased OT devices

• OT systems often rely on legacy software with minimal security features, making them prime targets for cyberattacks and ransomware.
• IT/OT convergence means previously air-gapped OT networks are now exposed to IT attack surfaces; security strategies must address both digital and physical risks.
• Supply-chain vulnerabilities and lack of standardized patching exacerbate attack possibilities, while compliance requirements stretch traditional security teams.[
• Cooling system OT devices in data centers face multiple cybersecurity risks that can threaten both digital and physical infrastructure. Key concerns include network-based attacks, remote exploitation, insider threats, and operational disruption due to outdated systems and integration with IT networks
• Service Disruption & Overheating: Attackers can manipulate cooling system settings (via malware, remote access, or compromised control software), disabling pumps, heat exchangers, or temperature thresholds. This can quickly overheat critical hardware, leading to system crashes and downtime.
• Outdated and Poorly Secured Devices: Many OT components (like PLCs and management systems) use legacy hardware or software with minimal security. Vulnerabilities include hardcoded passwords, unpatched firmware, and weak network segmentation, making them targets for both targeted and opportunistic attacks.
• Remote Access and Third-Party Risks: Maintenance vendors and external service providers often require remote access to cooling OT systems, creating potential pathways for cyberattack if their credentials or devices are compromised.
• Malware and Targeted ICS Threats: OT-specific malware frameworks are designed to exploit industrial protocols and manipulate building control systems (OPC-UA, BACnet, Modbus), allowing adversaries to directly interfere with cooling, with serious operational and reputational consequences.
• Physical and Insider Threats: Physical tampering or sabotage of cooling OT devices—especially if equipment rooms are not properly secured—can be coordinated with cyber-attacks, compounding the risk and impact.
• Denial-of-Service (DoS) Attacks on IoT/OT Network: Excessive network traffic, deliberate overloading, or botnet attacks can render sensors and control devices unresponsive, resulting in undetected overheating or loss of cooling.

 

Integration of Cyber and Physical Security

• Modern strategies combine physical security (such as biometric access control, surveillance, and zoning) with cybersecurity measures like network segmentation and anomaly detection.
• Data centers deploy segmentation to isolate OT systems from IT and limit lateral threat movement, making it harder for breaches to affect core operational processes.

 

Advanced Monitoring and Incident Response

• OT devices demand continuous, real-time monitoring, with security operations centers (SOC) blending IT and OT intelligence for complete visibility across all assets and rapid anomaly detection.
• AI and advanced analytics are increasingly used to process the massive volumes of data generated by OT, enabling early detection of both cyber and physical threats, and automating incident response and compliance monitoring.

 

 

The Bottom Line

Modern data centers face rapidly rising OT device growth, with corresponding spikes in complexity for management and security due to IT/OT convergence, high-density workloads, and automation at scale. Only those investing in more advanced monitoring, automation, and security strategies, including AI-powered tools, and highly skilled risk management to manage OT complexity and meet regulatory standards can keep pace with the demands and threats of future-proof data center infrastructure.