Firewalls and Logical Security
Our data center has redundant firewalls and many networks. Each of these networks contains devices that serve a single function. For example, the database servers are on one network, and the web servers are on another. This is very important, as it provides a much stronger defense against attack.
In addition, we instate a strict "block all" policy for communication between networks. No service is allowed to communicate across the network line unless it follows a strictly defined rule set. We regularly review both this rule set and actual inter-network communication to ensure that nothing "extra" crosses network boundaries.