Why Secure Data Movement is the Zero Trust Bottleneck Nobody’s Talking About

Every security architecture makes the same bet: once the systems are connected, the problem is solved. Open the ticket, stand up the gateway, push the data. Done.

That thinking is wrong. It is also a big reason Zero Trust programs are stalling.

A new study my team just published puts numbers to it. The Cyber360: Securing the Digital Battlespace report, based on a survey of 500 security leaders in government, defense, and critical services across the US and UK, found that 84% of government IT security leaders agree that sharing sensitive data across networks increases their cyber risk. More than half – 53% – still rely on manual processes to move that data between systems. In 2026. With AI accelerating the speed of operations on both sides.

That’s the Zero Trust gap no one talks about. Not identity. Not endpoints. The data movement itself.

Threat Volume Is Growing Faster Than Controls

Cyber360 recorded an average of 137 attempted or successful cyber attacks per week against national security organizations in 2025, up from 127 the year before. US agencies saw the weekly rate rise by 25%. Verizon’s 2025 Data Breach Investigations Report tracks a similar trend on the business side: third-party involvement in breaches doubled year over year, to 30% of all incidents. IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach spanning multiple locations at $5.05 million, nearly $1 million more than local-only incidents.

The boundaries between IT and OT, between organizations, and between partner and internal environments are where the cost and the time now sit.

Connectivity Is Not the Same as Secure Data Movement

The moment data crosses a boundary, whether between an OT network and an enterprise SOC, between a partner’s tenant and your cloud, or between segregated and non-segregated networks, it stops being a routing issue and becomes a trust issue. It must be validated, filtered, and controlled by policy before anything downstream can act on it. This is where modern architectures slow down.

Cyber360’s data is clear about where the pain is concentrated:

  • 78% of respondents cited outdated infrastructure as the main source of cyber vulnerability, specifically pointing to analog systems and manual processes as weak links.
  • 49% named ensuring data integrity and preventing tampering in transit as their single biggest challenge when transferring information across isolated or federated networks.
  • 45% marked managing identity and authentication across multiple domains as their biggest access challenge.

Integrity in transit, identity across domains, and manual processes still in use. That’s the working definition of an attack surface that adversaries have been exploiting for three years.

Business-side data tells the same story in a different language. Dragos’ 2025 OT Cybersecurity Report found that 75% of OT attacks now originate as IT breaches, with nearly 70% of OT systems expected to be connected to IT networks within the next year. The traditional IT/OT air gap is gone. Managed file transfer breaches drive the point home. Cl0p’s MOVEit exploit compromised more than 2,700 organizations and exposed the personal data of 93 million people. The same playbook worked against GoAnywhere and Cleo. All of those incidents were, at their core, attacks on pipelines that move data across trust boundaries.

The Speed-vs-Security Trade-off Is a Myth

There is a persistent belief that you can move data quickly or move it securely. Pick one.

In practice, most teams choose security and accept the delay. That works if decision cycles are measured in minutes. It doesn’t work when they are measured in seconds, and it breaks down completely when they are measured in milliseconds.

AI is accelerating both sides. Detection and response pipelines keep acting on their own. They don’t wait for the gateway to finish checking the file. If 53% of national security organizations still move data manually, the delta between AI-speed demand and analog-speed supply becomes an attack surface. An AI model, whether it is used for fraud detection, threat assessment, or targeted analytics, is only as good as the data it can access. If that data cannot flow freely, or cannot be trusted when it arrives, the model works from stale or partial context. The bottleneck is not the intelligence layer. It’s the pipes underneath.

The Role of Cross Domain Technologies

This is where cross-domain technologies earn their place, and not as a compliance checkbox.

Done right, they remove the forced choice between speed and security. They enforce trust at the boundary instead of somewhere behind it. They allow systems to function as an integrated whole, rather than as a collection of isolated islands held together with point-to-point integrations that attackers have now shown they can disrupt at scale.

Cyber360 research points to a specific architectural answer: a layered model that includes Zero Trust, Data Centric Security, and Cross Domain Solutions. No single framework fills the gap alone. Zero Trust governs who and what. Data security governs the data itself, no matter where it goes. Cross-domain solutions control movement between domains. Together, they enable secure data sharing to occur at near-real-time speeds across distributed, collaborative, and operational boundaries.
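As an added illustration (not code from the article, the Cyber360 report, or any product), the example below shows a boundary check in which data is validated, filtered, and controlled by policy before release, with one check for each of the three layers named above. The sender name, domain names, labels, key, policy tables, and the use of HMAC-SHA256 as the integrity mechanism are all constructed assumptions.

```python
import hashlib
import hmac
import json

# All names, keys and policy values below are constructed for illustration.
SENDER_KEYS = {"ot-historian": b"constructed-demo-key"}     # Zero Trust: who is sending
LABEL_RANK = {"public": 0, "internal": 1, "restricted": 2}  # data-centric: label on the data
ALLOWED_FLOWS = {                                           # cross-domain: permitted movement
    ("ot", "soc"): {"max_label": "internal", "fields": {"sensor", "value", "ts"}},
}


def sign(key: bytes, body: bytes) -> str:
    """Integrity tag the sending side attaches (HMAC-SHA256, an assumed mechanism)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def guard(sender: str, src: str, dst: str, body: bytes, tag: str):
    """Return (released_record, reason); nothing is released unless every check passes."""
    key = SENDER_KEYS.get(sender)
    if key is None:
        return None, "unknown sender"
    if not hmac.compare_digest(sign(key, body), tag):
        return None, "integrity check failed"
    flow = ALLOWED_FLOWS.get((src, dst))
    if flow is None:
        return None, "flow not permitted"
    try:
        record = json.loads(body)
    except ValueError:
        return None, "malformed payload"
    if not isinstance(record, dict):
        return None, "malformed payload"
    label = record.get("label")
    if not isinstance(label, str) or label not in LABEL_RANK:
        return None, "missing or unknown label"
    if LABEL_RANK[label] > LABEL_RANK[flow["max_label"]]:
        return None, "label exceeds flow ceiling"
    # Filter: only allowlisted fields cross the boundary; everything else is dropped.
    return {k: v for k, v in record.items() if k in flow["fields"]}, "released"


if __name__ == "__main__":
    key = SENDER_KEYS["ot-historian"]
    body = json.dumps({"sensor": "p-101", "value": 4.2, "ts": 1700000000,
                       "label": "internal", "operator": "jdoe"}).encode()
    print(guard("ot-historian", "ot", "soc", body, sign(key, body)))
    print(guard("ot-historian", "ot", "soc", body + b" ", sign(key, body)))
```

The check fails closed: a record modified in transit, an unlisted flow direction, or a label above the flow's ceiling is rejected with a reason that can be logged at the boundary.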

The model applies beyond defense: business systems where SOC data crosses OT, IT, and cloud boundaries; critical infrastructure where operational data must reach decision makers without sacrificing integrity; multi-organization investigations where partner data must flow in both directions under policy.

The Bottom Line

The assumption that data can be trusted once it crosses a boundary is the one attackers are exploiting most right now. The boundary is the attack surface. Movement is where policy fails. And when more than half of national security organizations still move sensitive data through manual processes, the gap between the speed of machines and the speed of control is not just a bottleneck. It is a vulnerability.

That’s the space that Everfox works in: securing the access, transfer, and movement of data across environments at the speed of work.

For architectural patterns, control placement, and performance traps, see our Guide to Securing Collaboration and Data Movement.

Note: This article was written and contributed by Petko Stoyanov, Chief Technology Officer, Everfox.
