That's a really insightful question! As someone who's worked with plant managers, I can tell you their resistance isn't just stubbornness - it's deeply rooted in legitimate concerns. They're responsible for keeping production lines running 24/7, and any downtime can cost millions. When they hear 'connect PLCs to the cloud,' they immediately think about ransomware attacks that could shut down their entire operation, safety systems being compromised, or production secrets leaking out.

The core fears boil down to three things: 1) Safety risks - what if someone hacks in and causes equipment damage or injuries? 2) Operational continuity - internet goes down, cloud service has issues, and suddenly they can't control their own factory. 3) Legacy compatibility - many PLCs are 10-20 years old and weren't designed with cloud security in mind.

For a minimum viable security architecture that would actually convince skeptical plant managers, I'd suggest starting with these essentials:

1. Air-gapped data diodes - One-way communication from PLCs to cloud only, so the cloud can't send commands back down
2. Industrial DMZ (demilitarized zone) - A secure buffer zone between OT and IT networks
3. Zero-trust authentication - Every device and user must verify identity, no 'trusted network' assumptions
4. Local failover capability - If cloud connection drops, everything keeps running locally
5. Encrypted data channels - Even for read-only data, encryption is non-negotiable
6. Real-time monitoring - Immediate alerts for any unusual network activity

The key is showing them a solution where cloud connectivity is purely for monitoring and analytics, not control. Start with non-critical systems, prove the security works, then gradually expand. What specific concerns have you heard from plant managers in your experience?