Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Research Highlights: Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
As the Moroccan tech scene continues to evolve, with more local firms migrating to the cloud and integrating IT with Operational Technology (OT) in manufacturing and energy, we often hear that "Zero Trust" is the ultimate goal. We talk about Identity and Access Management (IAM) and securing endpoints. However, recent research suggests we are ignoring the most critical vulnerability: the actual movement of data between systems.
TL;DR
Despite the push for automation, 53% of national security organizations still rely on manual processes to move data, creating a massive "speed gap" that attackers exploit. New data shows that 84% of security leaders view cross-network data sharing as a high risk, with the average cost of multi-environment breaches reaching $5.05 million. To fix this, teams must move beyond simple connectivity and adopt a layered approach combining Zero Trust, Data-Centric Security, and Cross Domain Solutions (CDS).
The Reality Gap: Manual Processes in an AI Era
We often assume that once a gateway is set up and a ticket is closed, the connection is secure. According to the Cyber360: Defending the Digital Battlespace report (a survey of 500 security leaders in the U.S. and UK), this assumption is dangerously flawed.
In 2026, while AI is accelerating the pace of cyberattacks, 53% of national security organizations still rely on manual processes to move data between systems. For a Moroccan sysadmin or developer, this is a wake-up call: if the "plumbing" of your data movement isn't automated and secure, your Zero Trust architecture is effectively stalled.
Rising Threat Volumes and the Cost of Failure
The threat volume is measurably growing. The Cyber360 report recorded an average of 137 cyberattacks per week against national security organizations in 2025, an increase from 127 in 2024.
For the private sector, the financial implications are even clearer. The IBM 2025 Cost of a Data Breach Report highlights that the average cost of a breach spanning multiple environments is now $5.05 million. This is approximately $1 million more than breaches confined to on-premises environments. In our local context, where many Moroccan businesses operate across hybrid cloud and local data centers, this "multi-environment" risk is the new standard.
The Death of the "Air Gap"
For those working in industrial sectors or critical infrastructure, the traditional "air gap" (keeping OT systems physically isolated from the internet) is no longer a reality. The Dragos 2025 OT Cybersecurity Report found that 75% of OT attacks now originate as IT breaches.
Furthermore, the risk isn't just internal. The Verizon 2025 Data Breach Investigations Report notes that third-party involvement in breaches reached 30% of all incidents in 2025. We've seen this play out globally with attacks on Managed File Transfer (MFT) tools like MOVEit, GoAnywhere, and Cleo. These were not attacks on the data at rest; they were attacks on the "pipes" that move data between trust boundaries.
Technical Bottlenecks: Integrity and Identity
The research points to three specific weak links that junior and senior practitioners alike must address:
- Data Integrity: 49% of leaders cited ensuring data integrity and preventing tampering in transit as their biggest challenge.
- Cross-Domain Identity: 45% flagged managing identity and authentication across multiple domains as a primary hurdle.
- Outdated Infrastructure: 78% of respondents blamed outdated infrastructure, specifically "analog systems" and manual steps, for their vulnerabilities.
Definition: Cross Domain Solutions (CDS) are specialized security systems that allow for the controlled exchange of information between different security domains (e.g., between a secure internal network and a partner network).
The Solution: A Layered Architectural Model
Petko Stoyanov, CTO of Everfox, suggests that no single framework is enough. To bridge the gap, organizations need a three-pillar approach:
- Zero Trust Architecture (ZTA): Governs who and what can access the network.
- Data-Centric Security (DCS): Governs the data itself, ensuring protection regardless of where the file resides.
- Cross Domain Solutions (CDS): Governs the movement between different environments, allowing for automated validation and filtering at the boundary.
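The three layers above, combined into one automated boundary check that replaces a manual transfer step. This is an added example, not code from the Cyber360 report or from Everfox. The service identity, shared key, route table and file-signature list are constructed assumptions, and an HMAC over a manifest stands in for whatever authentication a real CDS uses.

```python
import hashlib
import hmac
import json

# Constructed demo values (assumptions): one service identity, one permitted route.
SENDER_KEYS = {"svc-historian@ot": b"constructed-demo-key"}
ROUTES = {("ot", "it"): {"senders": {"svc-historian@ot"}, "types": {"csv"}}}
BINARY_MAGIC = (b"PK\x03\x04", b"%PDF-", b"\x7fELF")


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(sender: str, src: str, dst: str, ftype: str, payload: bytes) -> dict:
    """Sender side: describe the file and bind its digest into the manifest."""
    digest = hashlib.sha256(payload).hexdigest()
    return {"sender": sender, "src": src, "dst": dst, "type": ftype, "sha256": digest}


def looks_like_csv(payload: bytes) -> bool:
    """Content filter: printable UTF-8 text only, no known binary signature."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return False
    ok_chars = all(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return ok_chars and not payload.startswith(BINARY_MAGIC)


def check_transfer(manifest: dict, tag: str, payload: bytes) -> tuple[bool, str]:
    """Boundary side: return (allowed, reason) for one file crossing domains."""
    key = SENDER_KEYS.get(manifest.get("sender", ""))
    # Identity (ZTA): the manifest must carry a valid tag from a known sender.
    if key is None or not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "identity"
    # Boundary policy (CDS): this sender must be allowed on this src -> dst route.
    route = ROUTES.get((manifest.get("src"), manifest.get("dst")))
    if route is None or manifest.get("sender") not in route["senders"]:
        return False, "route"
    # Integrity (DCS): the payload must match the digest bound into the manifest.
    if hashlib.sha256(payload).hexdigest() != manifest.get("sha256"):
        return False, "integrity"
    # Filtering (CDS): declared type must be allowed and the content must match it.
    if manifest.get("type") not in route["types"] or not looks_like_csv(payload):
        return False, "filter"
    return True, "ok"
```

Each rejection reason maps to one layer, so a denied transfer can be logged against the control that stopped it.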
Conclusion
Connectivity is not the same as secure data movement. For Moroccan organizations looking to modernize, the goal shouldn't just be "connecting" systems, but ensuring that data can be trusted the moment it crosses a boundary. When more than half of high-security organizations still move data manually, the vulnerability isn't just a technical bug—it's the speed of the process itself.
Source: Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About


