
Your cybersecurity strategy probably assumes the data center gets built.
Article Summary: In this installment of TechTakeByBill this article makes a blunt point: data centers are no longer just technical infrastructure. They are the air supply for modern business. Cloud, AI, security operations, identity services, backups, and ransomware recovery all depend on physical facilities that need power, water, land, permits, and local approval. As more communities challenge, delay, or restrict data center development, cybersecurity leaders need to understand that resilience is no longer just a dashboard, vendor, or architecture issue. It is also a physical infrastructure and community-trust issue.
The second part of the article shifts from warning to action. It argues that selling data center expansion cannot be done by pitching tax revenue, server capacity, or AI innovation. The better approach is to act as an unbiased advisor, understand community fears, frame the project around safety and stability, and help local stakeholders resolve concerns before they become opposition. In short: the future of cloud and cybersecurity infrastructure may depend as much on trust-building as technology-building.
TechTakeByBill: Every professional is in sales.
A Note From Bill: I help executives understand cybersecurity, cloud, and AI in business terms—and, just as importantly, how to build internal support for action. Each article ends with a practical selling perspective shaped by 30-plus years in enterprise technology sales.
If a topic resonates with you, or if your organization is wrestling with how to turn cybersecurity, cloud, or AI strategy into executive alignment and business action, I’d welcome the conversation. You can reach me directly at Bill.Thomas@BespinGlobal.com
- Feel free to read below or,
- Listen to the PodCast version
- Find all my previous articles at www.Bill-Thomas.info
# # #
Out of respect for your limited time, let me cut to the chase here.
Data centers have become the new air supply for modern business.
Read that again and take it in — data centers are the air supply for modern business.
Without them, your business does not simply slow down. It goes into massive cardiac arrest.
You do not think about air when it is there. You only notice it when you cannot get enough of it.
That is where businesses are headed with data centers.
Cloud does not run without them. AI does not scale without them. Security operations do not see, analyze, or respond without them. Backups do not restore without them. Security systems, identity services, and ransomware recovery plans all depend on them.
Take away the data center, and the modern business does not become less efficient.
It suffocates, and your LinkedIn profile now has a green banner that reads: “Open to Work.”
And now, in more communities, the places that supply that air are being challenged, delayed, restricted, or stopped.
Executives love to talk about cloud resilience, AI transformation, cyber recovery, and digital modernization as if the infrastructure behind those ambitions is guaranteed.
It is not.
The cloud still needs dirt, power, water, fiber, permits, utility capacity, and local political permission. The next cybersecurity constraint may not come from a ransomware crew, a failed control, or a compromised vendor.
It may come from a zoning board of 5 to 7 local, appointed citizens, plus a few alternates—and they have enough jurisdiction to crush your technology future.
Across the country, communities are asking harder questions about the data centers powering cloud computing, artificial intelligence, security analytics, digital operations, and the applications modern companies now consider non-negotiable. Some communities are pausing new projects. Some are rewriting zoning rules. Some are challenging whether the power, water, land, tax benefits, and local disruption are worth the promised economic return.
This is no longer theoretical. Blackstone-owned QTS recently terminated its planned Digital Gateway data center project in Virginia after years of local opposition and litigation, despite prior approval from the Prince William Board of County Supervisors. Cleveland is considering a temporary moratorium on new standalone data centers while it reviews zoning, power, and water concerns. Sherman Township in Michigan approved a 12-month moratorium so officials can update local zoning rules for data center projects. The National Conference of State Legislatures reports that multiple states have considered bans or moratoriums on data centers, often driven by energy demand and local opposition.
Most executives will see this as a real estate story, a utility story, or a local government story.
It is bigger than that.
The cloud is not floating above us. It is sitting somewhere, consuming electricity, requiring cooling, depending on transmission capacity, connected to fiber, protected by physical security, and asking a local community for permission to exist.
When that permission becomes harder to obtain, the risk is not just delayed construction. The risk is that the digital infrastructure businesses are betting on becomes more constrained, more concentrated, more expensive, and potentially less resilient.
That makes this a cybersecurity issue.
The Warning Did Not Come From a Breach
Cybersecurity leaders are trained to look for warning signs in threat intelligence, vulnerability reports, ransomware activity, identity failures, and vendor advisories.
But sometimes the warning comes from somewhere else.
This one is coming from city halls, township boards, public utility commissions, zoning meetings, environmental reviews, and neighborhood opposition groups.
The next constraint on cybersecurity may not be an attacker. It may be infrastructure.
That should get the attention of every CEO, CIO, CISO, board member, and technology leader who has been told that cloud capacity, AI capacity, backup capacity, and security analytics capacity will simply be there when needed.
Because “the cloud” has become a convenient abstraction. It lets business leaders talk about modernization without talking about substations. It lets AI leaders talk about innovation without talking about water. It lets cybersecurity leaders talk about recovery and resilience without talking about where the compute actually lives.
That abstraction is starting to break down.
FACTOID: The Cloud Is Physical
Every cloud workload runs in a real facility connected to real power, cooling, fiber, land-use approvals, physical security, utility infrastructure, and local operating constraints.
Cloud strategy may feel digital.
Cloud resilience is still grounded in physical infrastructure.
Why Cybersecurity Leaders Should Care
This does not mean every community concern is correct. It does not mean every data center project should be approved. It does not mean data center operators are always the villain.
In fact, the opposite is true.
Data centers are now essential infrastructure. They support hospitals, banks, logistics networks, government systems, emergency services, customer platforms, cybersecurity tools, AI systems, and the everyday digital operations of modern business.
But essential infrastructure still has to earn trust.
That is the leadership lesson.
If fewer communities are willing to host large data centers, more critical workloads may concentrate in fewer regions. That creates concentration risk. Cybersecurity teams already worry about vendor concentration, identity concentration, SaaS concentration, and cloud concentration. Physical infrastructure concentration belongs on the same list.
If recovery plans depend on cloud regions that are capacity-constrained, geographically concentrated, or increasingly difficult to expand, that matters. Ransomware recovery is not just about having backups. It is about whether you can restore fast enough, at sufficient scale, in the right place, under real-world conditions.
If security operations depend on massive data ingestion, long-term telemetry retention, AI-assisted detection, and high-speed analytics, that matters too. Modern SIEM, SOAR, threat hunting, behavioral analytics, identity detection, fraud monitoring, and AI-enabled security operations all depend on compute and storage.
And if AI becomes part of the security operating model, this issue becomes even bigger.
AI does not remove infrastructure dependency. It intensifies it.
The same data center buildout powering generative AI is also powering AI-assisted defense, code analysis, vulnerability discovery, incident investigation, phishing detection, fraud detection, and security automation. If AI infrastructure becomes harder to build, more expensive to operate, or more politically contested, security leaders should not pretend that sits outside their risk model.
Community Pushback Is Not Just Noise
It would be easy for technology leaders to dismiss local opposition as NIMBYism.
That would be a mistake.
Communities are raising real questions. Who gets the tax benefit? Who pays for grid upgrades? What happens to water availability? What happens to electric rates? How much land is consumed? How much noise is created? How transparent are the operators? What happens when promises made during approval do not match the long-term operating reality?
Those are not anti-technology questions.
They are infrastructure-governance questions.
Cybersecurity leaders should recognize the pattern. The security industry has its own version of this problem. For years, companies told customers, regulators, employees, and the public to “trust us” while hiding behind complexity. Then the breaches came. Then the investigations came. Then the compliance requirements came. Then the trust gap became a board-level issue.
Data centers are now facing a similar trust gap.
The public is being asked to support critical digital infrastructure, but many communities do not believe they have been given a clear view of the tradeoffs. That is not a communications problem. It is a governance problem.
And when governance problems are ignored, they eventually become business problems.
The Executive Question Has Changed
For years, the executive cloud question was simple: Are we moving to the cloud?
Then it became: Are we moving to the right cloud?
Then: Are we secure in the cloud?
Now the question needs to mature again.
Do we understand the physical, regional, utility, regulatory, and political dependencies behind our cloud, AI, and cybersecurity strategy?
That is a much better question.
It forces leadership to look beyond vendor architecture diagrams. It forces the business to understand where critical workloads run, where backups reside, how recovery would actually happen, what regions are involved, what providers are concentrated, and what assumptions are hiding underneath the strategy.
A cloud architecture diagram may show regions and availability zones.
It probably does not show the zoning fight, the power constraint, the water issue, the permitting delay, the public trust problem, or the infrastructure bottleneck sitting underneath the diagram.
That missing layer now matters.
ASK YOUR TEAM
- Do we know which cloud regions support our most critical applications, security platforms, backups, and recovery processes?
- Have we reviewed whether our disaster recovery plan depends too heavily on one provider, one region, or one physical infrastructure corridor?
- Are our AI and cybersecurity roadmaps assuming unlimited compute availability?
- Do we understand how data center capacity, power constraints, and regional concentration could affect cost, resilience, and recovery time?
- Are we treating cloud infrastructure as a vendor decision, or as part of our broader business continuity strategy?
The Real Issue Is Resilience
This article is not an argument against data centers.
It is an argument against pretending data centers are someone else’s problem.
Business leaders cannot keep talking about AI transformation, cloud modernization, digital resilience, and cybersecurity readiness while ignoring the physical infrastructure underneath those strategies.
The most important cybersecurity lesson may be the simplest one.
You cannot secure what you refuse to see.
And too many executives still see the cloud as a service contract, not as a chain of physical, regional, utility, and community dependencies.
That thinking is no longer good enough.
The AI boom has run into city hall. The cloud has a zoning problem. Cybersecurity leaders should care because resilience does not begin inside a dashboard.
It begins with whether the infrastructure your business depends on can actually exist.
Part 2 – Selling the future
To successfully advocate for data center expansion in a skeptical community, an executive must move beyond a "communicator" role and become an "unbiased advisor" who prioritizes the community’s safety and stability over the project’s technical merits. The most successful high-stakes "sales" are not won by pitching features like tax revenue or server speeds, but by helping the "buyer"—in this case, the zoning board and local residents—resolve their deep-seated fears regarding risk and consequence.
The Strategy: Selling Safety in an Era of Uncertainty
In a major organizational or community decision, stakeholders are weighing a Value Equation. On one side are the Costs (noise, water usage, grid strain, and political risk for board members). On the other is the Seriousness of the Problem (infrastructure decay or economic stagnation). If you lead with "Features" (the size of the data center or its AI capabilities), research shows you actually increase the audience's sensitivity to cost and "hassle".
1. Stop Pitching and Start Investigating
The most common mistake technical experts and executives make is swamping a community with facts before they understand the "Implied Needs"—the local dissatisfactions that haven't been voiced yet.
- The Move: Instead of an opening benefit statement about economic growth, start by asking questions that explore the community’s long-term infrastructure concerns. If the community is worried about water or power, help them articulate the consequences of the status quo. When a "buyer" articulates the pain of a current problem, they become more receptive to a solution that mitigates it.
2. Frame the Infrastructure as "Safety," Not "Innovation"
My research into IBM’s dominance during recessions proved that decision-makers buy safety—the avoidance of a mistake—above all else.
- The Move: A data center should not be presented as a "tech project." It should be presented as the "air supply" for modern business and a mechanism to harden local utility grids. Just as IBM succeeded with the message "nobody ever got fired for buying IBM," you must make the zoning board feel that approving the expansion is the most responsible, "low-risk" move for the town’s future stability.
3. Sit on "Their Side of the Table"
To build genuine trust, the community must perceive that you have cander, competence, and concern. If they feel you are pushing your own agenda, they will resist.
- The Move: Adopt a "bias-free" advisory approach. This may mean suggesting a smaller initial footprint or a more expensive cooling method that addresses a specific local concern before they even ask. By recommending what is solely in the community’s interest, you earn the credibility to move the project through the "Resolution of Concerns" phase, where most large deals fail.
4. Address "Consequences" to Lower the Temperature
Opposition is rarely about the facts; it is about the consequences—the personal and political risks stakeholders perceive.
- The Move: Use "open-book" policies to share internal data on environmental impacts and grid load. Don't minimize their fears (e.g., "don't worry about the noise"). Instead, get them to describe the value of a solution that resolves that fear. When they verbalize the payoff of a "responsible" expansion, they effectively become your internal advocates.
Strategic Implications for the Executive Advocate
- Avoid Negotiating Too Soon: Leading with concessions or price (tax) cuts signals that you are nervous about the value of the project and increases the "buyer's" perception of risk.
- Rehearse Your "Sponsors": Identify members of the board or local media who are the "Focus of Dissatisfaction" and help them practice explaining the business benefits of a more resilient community
