Every building has a perimeter, sometimes those perimeters look very different than those we are accustomed to seeing. Most of the time, when you picture a data center in your mind, there is a large concrete building set back from a roadway with acres between it and a very long and tall fence surrounding the massive property. The picturesque version of a proper perimeter with a significant standoff distance or standoff zone.
Now we take a look at reality. Many data centers simply do not have this. A very large, well-known telecommunications company’s data center is in the middle of a city block in a large metropolitan area. A large US city has its city’s data center, where anyone can walk up and touch the building. Many of the data centers ranked by the Uptime Institute as being Tier 1 and Tier 2 have been designed with no perimeter for years.
The shock and awe now is , as more companies jump into the hyperscale data center world, with more than 400 data centers being built in just the United States as of May 2026, a significant number of these are perimeter-less. Typically, the catalyst is not cost, but rather a concession of a perimeter for more square footage of data hall space. To maximize the tenant space, the designs have taken the building(s) to the edges of the property lines and easements. Digital infrastructure companies are finding every nook and cranny of available property where power is available. Land collocated with high megawatt (MW) or gigawatt (GW) or GW+ power is one of the hottest real estate commodities on the market.
Maybe there was an initial plan for a perimeter, but like the great theologian Mike Tyson once said: “everybody has a plan until they get punched in the mouth”. That punch is typically felt with the addition of a substation on the property. Plans change. The perimeter with already degraded standoff distances is removed, taking the building(s) adjacent to the public space.
In this case, the traditional data center build has to pivot. Precast walls are not enough to stop a bad actor with a truck full of ANFO (Ammonium Nitrate/Fuel Oil), such as the one Timothy McVeigh used on the Alfred P. Murrah Federal Building in Oklahoma City in 1995. While that was not a data center, that is one of the incidents that must be protected against. However, it is not just the ballistic event that needs to be designed around, but also the physical security and corporate espionage threats that are minimized or eliminated by the standoff distance that are now laid bare for anyone with the right technologies to steal trade secrets, without ever entering the facility.
The perimeter-less data center has to be designed around these use cases. Something that I say frequently: “The best technology in the world, for the wrong use case, is the wrong technology”. Here is no different. Instead of traditional precast concrete walls, think about using ballistic engineered concrete to decrease the vulnerability of a terrorist event. Granted, the tradeoff is that this concrete is more expensive, and will likely exceed the savings of not putting in a fence and a guardhouse. Unfortunately, many times, security is thought of after the building is built. What then. The next option might be to add reinforcement to the interior or exterior walls, and/or to add ballistic coatings or panels to the exterior. It needs to be noted that many data centers are now marketing showpieces for digital infrastructure companies, and many have numerous windows to increase the aesthetics of the data center. Windows must be treated with technologies as well. A ballistic-resistant structure is only as strong as the weakest point, and many times this is window glazing. Choosing the right technology or technologies for windows to reduce the amount of damage based on a ballistic event is only part of the equation. Most windows are selected for a building, and data centers are no different, to minimize heating costs. Technology companies, data centers, and data center tenants are susceptible to bad actors using eavesdropping technologies to steal trade secrets. Traditional windows are susceptible to eavesdropping, where
bad actors will use any number of technologies to “listen” to conversations. Even with a perimeter, windows should be evaluated for vulnerability and the risk of eavesdropping. Perimeter-less data centers have a vulnerability and risk that is much higher. Windows should not only have a ballistic component, but should also have RF shielding or some other type of technology to prevent eavesdropping.
All data centers, both those with a defined perimeter and those that are perimeter-less, are also facing a new threat of drones. Drones have the ability to carry a payload of up to 55 pounds, depending on the model. A 55-pound payload, depending on the explosive, can snap reinforced steel columns. The likelihood of a 55-pound electromagnetic pulse generator’s (EMP) “blast radius” being able to damage a non-shielded building is probable. Due to their size, drones can be used to eavesdrop or to deliver advanced payload(s) unseen from the rooftop. As a note, I advise all of my clients, data center or not, to implement technologies to be future-ready. The reality is there is no future-proof. Drone detection for data centers is one of those future-ready technologies. However, drone detection is typically not one of those technologies that data centers implement day one. They are dealing with the implementation of key security systems like access control and video management systems. Still, planning for drone detection may be as simple as running additional conduit to the highest point(s) on the data center during construction, so that when it comes time for implementation, the costs implement raceway and pathway is not cost-prohibitive because the new build needs a retrofit. The location of the data center, the perimeter or perimeter-less application, local laws, budget, and type of data being generated or stored in the data center will likely define the types of drone detection technologies needing to be implemented. It should be noted that, as of the writing of this article, even if a drone is detected, since they hold the same classification as a commercial airplane, they cannot be shot down or disabled while in flight.
One of the big concerns for the perimeter-less data center, but a concern for all data centers, is the vulnerability of the power. The local power is why the data center was located in that location to begin with. What happens if that power is somehow cut off, not just for a short period of time? Generators and UPS backup are table stakes at this point and would ride the short-term outage. This discusses the very real fear of someone damaging the substation from afar with a high-powered rifle or some other larger-yielding explosive device, let alone an EMP. Substations are typically installed next to the data center and have the same anti-climb security fences found around most data centers, with appropriate standoff distances. Since most of the utility providers do not have the budget or resources to design or build the substation, one of the first requirements is that the data center must design the substation to the utility provider’s specification, and the data center must also build and commission the substation. Once the substation is commissioned, the substation and the land it sits on are to be signed over to the utility provider. At this point, the utility provider will then begin to bill the data center for power usage.
One thing to consider here is that substations may not have to be located in an open yard, like many are designed for today. Substations may be incorporated into the building design, especially in those perimeter-less locations, for additional security measures, and potentially additional square footage gained for tenant space. This is not a new concept. In dense metropolitan locations, like New York City, substations are located inside buildings. The difference here is that these are highly regulated and heavily engineered to meet fire, building, and electrical codes. While New York has some of the strictest codes, smaller jurisdictions with fewer staff may not be able to regulate and enforce necessary codes for indoor substations.
All of this is in replacement of the technologies a traditional perimeter provides, not in replacement of any of the security technologies that should be implemented on the exterior, the internal company spaces, or tenant-restricted spaces. Security technologies should be designed based on the data center’s use case, tenant requirements, and risk tolerance.
