Security is a key aspect of managing IT systems. Hackers and state-sponsored groups are breaking into whatever systems they can, on the assumption that the access will be useful at some point in the future. One of the keys to preventing breaches like those at Yahoo and the DNC is to layer your security systems.
There are several layers, and you can insert them at different points of your network. The firewall usually sits at the top and blocks both incoming and outgoing connections that do not conform to the rule set. The firewall also separates the various segments of your network. When you colocate to a facility like Rack Alley, the firewall component is available as a service.
Segmenting your network is another important part of layering your security. For example, place your application servers, database servers, clients, and backup systems on different network segments. You can then use your firewall to allow only select communication between the different segments. For example, only the application servers can connect to the database servers, and the clients can only connect to the application servers.
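The segment policy described above can be written as a default-deny allow-list and checked against firewall logs to find rules that are more permissive than intended. The following is an added example, not code from the original article; the subnets, ports, and log lines are constructed assumptions.

```python
import ipaddress

# Constructed address plan: one subnet per segment named in the text.
SEGMENTS = {
    "clients": ipaddress.ip_network("10.0.10.0/24"),
    "app": ipaddress.ip_network("10.0.20.0/24"),
    "db": ipaddress.ip_network("10.0.30.0/24"),
    "backup": ipaddress.ip_network("10.0.40.0/24"),
}

# Allow-list from the text: clients -> app, app -> db; all else is denied.
# Ports are assumptions (HTTPS to the app tier, PostgreSQL to the db tier).
ALLOWED = {("clients", "app"): {443}, ("app", "db"): {5432}}

# Constructed firewall log lines: source, destination, dest port, action taken.
SAMPLE_FLOWS = """\
10.0.10.15 10.0.20.5 443 ACCEPT
10.0.20.5 10.0.30.8 5432 ACCEPT
10.0.10.15 10.0.30.8 5432 ACCEPT
10.0.20.5 10.0.30.8 22 ACCEPT
203.0.113.9 10.0.30.8 5432 DROP
"""

def segment_of(addr):
    """Map an IP address to its segment, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def decide(src, dst, dport):
    """Default-deny verdict for a flow crossing between segments."""
    pair = (segment_of(src), segment_of(dst))
    return "allow" if dport in ALLOWED.get(pair, set()) else "deny"

def audit(log_text):
    """Return flows the firewall accepted although the policy denies them."""
    violations = []
    for line in log_text.splitlines():
        src, dst, dport, action = line.split()
        if action == "ACCEPT" and decide(src, dst, int(dport)) == "deny":
            violations.append((segment_of(src), segment_of(dst), int(dport)))
    return violations

if __name__ == "__main__":
    for src_seg, dst_seg, port in audit(SAMPLE_FLOWS):
        print(f"policy violation: {src_seg} -> {dst_seg} port {port}")
```

Each reported violation points to a firewall rule that lets traffic cross segments outside the intended allow-list, such as clients reaching the database tier directly.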
Another layer consists of systems like IDS and IPS to deal with potential intrusions. You can place this layer above the firewall or after the firewall. IDS use signatures that recognize potential attacks and block such connections.
Firewalls, network segmentation, IDS, and IPS are just a few methods of layering the security in your network. There are also other systems like honeypots, anti-virus, anti-malware, desktop firewalls, etc. that you can add as other layers. When you layer your security like this, even when a hacker breaks into one system, he cannot easily access another. All of this is possible whether you have all these systems in-house or have everything at an LA data center.