Skip to main content
CybersecurityNetwork Security

Zero Trust Stalls at Data Movement Bottleneck

Person in secure room surrounded by equipment and screens manages sensitive data transfer.

"The assumption that data arrives trusted the moment it crosses a boundary is the assumption that attackers are most reliably exploiting right now," wrote Petko Stoyanov, chief technology officer of Everfox.

Cyber360 survey: manual data movement and the Zero Trust gap

New research in the Cyber360: Defending the Digital Battlespace report quantifies a gap that security teams have long felt. Among 500 security leaders in government, defense, and critical services across the U.S. and UK, 84% agreed that sharing sensitive data across networks heightens cyber risk, and 53% said they still rely on manual processes to move that data between systems. The report frames this not as a usability problem but as a structural bottleneck: when more than half of national security organizations move sensitive data by hand, policy and controls lag the tempo of operations—especially as AI accelerates decision cycles.

Attack trends and consequences: Cyber360, Verizon, IBM, Dragos, and MOVEit

Cyber360 recorded an average of 137 attempted or successful cyberattacks per week against national security organizations in 2025, up from 127 the previous year; U.S. agencies saw the weekly rate surge 25%. That rise sits alongside corroborating industry data: Verizon's 2025 Data Breach Investigations Report found third-party involvement in breaches doubled year over year, reaching 30% of all incidents. IBM's 2025 Cost of a Data Breach Report placed the average cost of a breach spanning multiple environments at $5.05 million—roughly $1 million more than on-premises-only incidents.

The enterprise story is similar in the operational technology (OT) domain. Dragos' 2025 OT Cybersecurity Report found 75% of OT attacks now originate as IT breaches, with roughly 70% of OT systems expected to connect to IT networks within the next year. Real-world breaches have followed the same attack surface: Cl0p's exploitation of MOVEit compromised more than 2,700 organizations and exposed the personal data of roughly 93 million individuals, and similar playbooks hit GoAnywhere and Cleo. Each incident, the report argues, was fundamentally an attack on the pipes that move data between trust boundaries.

Why connectivity is not the same as secure data movement

The Cyber360 analysis stresses a distinction that is often missed in program planning: opening a connection is not the same as making the data trustworthy. The moment data crosses a boundary—between OT and enterprise, between a partner tenant and your cloud, or between classified and unclassified—it becomes a trust problem rather than a routing problem. Respondents highlighted the specific choke points: 78% cited outdated infrastructure (analog systems and manual processes) as a primary source of vulnerability; 49% named ensuring data integrity and preventing tampering in transit as their single biggest challenge when transferring information across classified or coalition networks; and 45% flagged managing identity and authentication across multiple domains as the biggest access challenge. Those three issues—integrity in transit, identity across domains, and manual handoffs—are called out as the working description of the attack surface adversaries have exploited for the past three years.

Cross-domain solutions, Zero Trust, and data-centric security

Cyber360 points to a layered architectural answer: combine Zero Trust, data-centric security, and cross-domain solutions. In this model, Zero Trust governs who and what can act; data-centric security governs the protections that travel with the data itself; and cross-domain solutions govern movement between environments. Done properly, the report says, cross-domain technologies remove the forced choice between speed and security by enforcing trust at the boundary rather than after it, allowing systems to operate as a coordinated whole instead of as isolated islands stitched together with fragile point-to-point integrations.

What this means for technologists, procurement leaders, and mission owners

  • Technologists and security teams: Expect the operational imperative to shift from standing up connections to validating and filtering every crossing. The Cyber360 data suggests prioritizing controls that guarantee integrity in transit and automate identity/authentication across domains, because manual processes are the immediate bottleneck.
  • Procurement and acquisition leaders: The evidence in Cyber360 and linked industry reports signals that buying "connectivity" alone is insufficient. Investment will increasingly need to cover cross-domain solutions and data-centric controls that operate at near–real-time speeds, not just gateways or point tools.
  • Mission owners and national security organizations: When detection and response pipelines move toward autonomous action, relying on manual data movement risks feeding AI and automation with stale or partial context. The gap between mission speed and control speed becomes a tactical vulnerability.

The report's bottom line is stark: movement is where policy collapses, and that collapse is an exploitable vulnerability when manual processes and legacy infrastructure are still common. Addressing it requires a layered architecture and operational changes that treat data movement as a security control in its own right—not an assumption.

For the full piece by Petko Stoyanov, CTO of Everfox, see the original article: https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html