By Sean Rinas, Head of Network Engineering at NEXTDC
When we talk about security and data centre connectivity, the focus usually lands on protecting what’s inside the walls – firewalls, routers, multi-factor authentication, encryption at rest etc.. What doesn’t get talked about nearly enough is what happens in between – that is, when data is in-flight from one data centre, cloud, source, device or application to another.
At NEXTDC, we’ve always put a lot of focus on physical and digital security risk management around and inside our data centres. However, as more workloads move across cities and between data centres, security can’t stop at the door. It needs to travel with your data, especially when that data is mission critical, commercially (or personally) sensitive, or moving between partners, facilities, through the streets, across metro fibre and along interstate routes. The question we had to ask ourselves was: what’s protecting customer data out there?
That’s why we’ve started rolling out MACSec across our AXON virtual data centre connectivity network; beginning with our busiest routes in and between Sydney and Melbourne, and expanding nationwide by the end of the year. And the best part is, to achieve this data centre connectivity security uplift, our customers don’t need to do a thing.
That’s not how most encrypted connectivity works. But it’s how it should.
MACSec (short for Media Access Control Security) encrypts data at Layer 2, also known as the link layer. It protects traffic as it moves between physical endpoints, like data moving between our S1 Sydney to M1 Melbourne data centres. Think of it as locking the pipeline, not just the boxes at either end.
Traditionally, if you wanted encrypted traffic between data centre sites as part of your data centre connectivity posture, it meant layering security on top – usually through dedicated hardware at both ends, or IPsec tunnels that added overhead and complexity. It worked, but it wasn’t simple, and it rarely delivered full line-rate performance.
Now, our AXON interconnectivity platform does it differently. We’ve embedded MACSec encryption directly into the network. That means no extra gear, no performance trade-offs and no manual setup. It’s built-in, always-on and designed to protect data in motion without slowing anything down.
That’s not something most virtual network providers can offer today. Delivering encryption at this scale means upgrading physical infrastructure, and that’s a step many simply aren’t ready to take. We’ve made the investment in new hardware and dedicated encryption processing to do it right. That’s the AXON difference.
From a customer point of view, this change won’t feel like much. You won’t see new buttons in your AXON portal, or be asked to choose an encryption setting when provisioning a service. We’ve done it this way intentionally, because we’re all about delivering interconnectivity without friction or complexity.
We think it should be like using a banking app – you expect the traffic is encrypted, but you don’t think about how it’s done. Security just happens, behind the scenes, without needing to tick a box.
That’s exactly what we’re aiming for with MACSec on AXON. Whether your traffic is crossing metro fibre in Sydney, hopping from Melbourne to Sydney, or eventually connecting interstate via Brisbane, Perth or Canberra, it will have encryption baked in (not bolted on).
This also positions AXON for whatever comes next. As AI adoption accelerates, more businesses are connecting to GPU-as-a-Service providers – platforms that deliver on-demand access to powerful computing infrastructure for training models, running inference, or just processing huge volumes of data at speed. These providers might be colocated inside NEXTDC or reachable via the AXON ecosystem. Either way, our customers need fast, reliable and secure interconnection to keep those workflows moving. MACSec adds a critical layer of protection, ensuring those high-value workloads stay encrypted in transit, without introducing complexity or performance trade-offs.
There’s no silver bullet in security, but there is peace of mind in knowing that your data centre provider is thinking several steps ahead. Our buildings are engineered from the ground up to keep your data and digital footprint safe. Now, so is the fibre that interconnects all the infrastructure components.
This upgrade is part of a broader promise: to facilitate interconnection that is as seamless, secure and scalable for our customers as everything else we engineer at NEXTDC. It’s about providing operational certainty that enables our customers to adapt to and embrace a still-to-be-defined, data driven future. It’s about letting them stay focused on creating competitive advantage, growth and innovation while we provide a cutting-edgedge digital infrastructure platform.
MACSec encryption is now baked into AXON, starting with our busiest routes and expanding nationwide by the end of the year.
As AI adoption accelerates, infrastructure needs to do more than keep pace. It also needs to anticipate the pressure of denser, faster, high-performance environments. Secure interconnection is now as foundational as fibre in supporting that shift. By embedding encryption at the network layer, AXON helps ensure critical workloads move reliably and securely across distributed AI and hybrid cloud ecosystems.
If you’re thinking about how to simplify secure connectivity between sites, partners or cloud environments, we’d love to talk. Get in touch to explore how AXON’s built-in performance and protection can support your next phase of growth.