The new Zero Trust border: securing data transfer between domains with integrity and speed

Published. 5 min read.

For years most security programmes have assumed something that is no longer sustainable: that the problem is solved as soon as a system is connected. Open a ticket, deploy a gateway and start moving packets has been the standard recipe, but that logic breaks down when operating tempo and the heterogeneity of environments turn data transfer itself into a risk category. Recent industry data show that incidents spanning multiple domains are both more frequent and more costly, and that the crossing points between networks (IT/OT, classified/unclassified, cloud/external tenant) are where exposure is concentrated today.

Data movement is the new Zero Trust border. Zero Trust has rightly concentrated on identity, endpoints and microsegmentation, but transfer between domains often remains a "grey zone" with weak controls: manual processes, legacy infrastructure and exchange solutions configured as if trust travelled along with the packet. That opens a window in which an attacker can alter, observe or delay critical information precisely as it crosses the border.

Image generated with AI.

Public industry figures bear this out: third-party involvement in breaches is rising and accounts for a substantial share of them, and breaches that span multiple environments tend to cost significantly more than those confined to a single on-premises environment. Reports such as the Verizon Data Breach Investigations Report and IBM's Cost of a Data Breach Report document this trend and help put a price on the risk of trust crossings (Verizon DBIR 2025; IBM Cost of a Data Breach Report 2025). At the same time, the recurring pattern of exploitation of managed file transfer products (MOVEit, GoAnywhere, Cleo) shows that attackers understand those pipes and deliberately target them.

In an environment where artificial intelligence pushes decision cycles down to milliseconds, the mismatch between the speed of the models and the slowness of the exchange infrastructure becomes an operational vulnerability. A detection or decision model that acts on corrupted, incomplete or delayed data produces wrong results; the answer is not to stop the AI but to modernise the layer that delivers its data with guarantees of integrity, provenance and policy compliance.

The answer is not a single framework but an architectural composition. Combining Zero Trust for identity and access, data-centric security (labelling, persistent encryption, contextual controls on use) and cross-domain solutions that act as "guards" at the borders can support transfers that are both fast and auditable. The pieces play different roles: Zero Trust decides who or what may request data; data-centric security ensures the payload carries its own cryptographic guarantees; cross-domain solutions control, transform and certify the flow at the crossing point.

In practice this requires specific changes in programmes and procurement: mapping and classifying critical flows (not only assets), eliminating manual processes for moving sensitive information, requiring signatures and integrity marks on files and messages, deploying mediators that enforce content and context policies in real time, and continuously auditing the chain of custody. Contracts and service agreements with third parties also need modernising so that they include latency, integrity and incident-response metrics that reflect operational reality.

Image generated with AI.

Operations teams must measure what matters: the share of transfers that are manual, the latency between data generation and its consumption by AI, the rate of integrity failures detected at the border, and the mean time to contain a tampering in transit. With clear metrics it is easier to justify investment in modernisation and in architectures that allow sharing without giving up control. Resources and guidance from industry bodies and the industrial-security community can help prioritise these critical flows; for example, OT security analysis shows how many intrusions begin in IT and spread when borders are not properly defended (Dragos).
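As an added illustration of the border controls described above (a payload that carries its own label, provenance and integrity mark; a mediator that enforces content and context policy at the crossing; a chain-of-custody audit) together with two of the metrics just listed, here is a toy IT/OT guard in Python. It is not code from the article or from any vendor. The domain keys, labels, policy table and sample messages are all constructed, and it uses HMAC with a per-domain shared key where a real deployment would use asymmetric signatures under a PKI so that the guard itself cannot forge what it verifies.

```python
"""Toy cross-domain guard for an IT/OT border: signed and labelled payloads,
a per-crossing policy, a chain-of-custody audit trail and two border metrics.
Added illustration, not the article's code; keys, labels, policy and messages
are all constructed."""
import hashlib
import hmac
import json

# Assumption: one shared HMAC key per producing domain (a real deployment
# would use asymmetric signatures under a PKI so the guard cannot forge).
DOMAIN_KEYS = {"ot-plant": b"constructed-ot-key", "it-corp": b"constructed-it-key"}

# Constructed crossing policy: which labels may cross which border, and
# which fields the guard strips before the payload leaves the source domain.
POLICY = {
    ("ot-plant", "it-corp"): {"allow": {"telemetry", "alarm"}, "redact": {"setpoints"}},
    ("it-corp", "ot-plant"): {"allow": {"command"}, "redact": set()},
}


def canonical(obj):
    """Deterministic serialisation so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(source, label, created, body):
    """Producer side: the payload carries its own label, provenance and MAC."""
    env = {"source": source, "label": label, "created": created, "body": body}
    env["mac"] = hmac.new(DOMAIN_KEYS[source], canonical(env), hashlib.sha256).hexdigest()
    return env


def guard(env, dest, audit, now):
    """Border mediator: verify integrity first, then label policy, then
    transform; every decision is appended to the chain-of-custody audit."""
    rec = {"source": env.get("source"), "dest": dest, "label": env.get("label"),
           "received": now}
    key = DOMAIN_KEYS.get(env.get("source"))
    unsigned = {k: v for k, v in env.items() if k != "mac"}
    expected = hmac.new(key, canonical(unsigned), hashlib.sha256).hexdigest() if key else ""
    if not key or not hmac.compare_digest(expected, str(env.get("mac", ""))):
        rec["decision"] = "reject:integrity"   # unknown source or altered in transit
        audit.append(rec)
        return None
    pol = POLICY.get((env["source"], dest))
    if pol is None or env["label"] not in pol["allow"]:
        rec["decision"] = "reject:policy"      # label may not cross this border
        audit.append(rec)
        return None
    body = {k: v for k, v in env["body"].items() if k not in pol["redact"]}
    rec.update(decision="forward", latency=now - env["created"],
               digest=hashlib.sha256(canonical(body)).hexdigest())  # what actually crossed
    audit.append(rec)
    return body


def border_metrics(audit):
    """Two of the article's metrics: integrity-failure rate at the border and
    worst generation-to-consumption latency of what was forwarded."""
    fwd = [r["latency"] for r in audit if r["decision"] == "forward"]
    bad = sum(r["decision"] == "reject:integrity" for r in audit)
    return {"transfers": len(audit),
            "integrity_failure_rate": bad / len(audit) if audit else 0.0,
            "max_latency_s": max(fwd) if fwd else 0.0}


def run_demo(now=1_700_000_000.0):
    """Constructed traffic: one clean reading, one tampered in transit, and
    one label that the OT->IT policy does not allow."""
    audit = []
    clean = sign("ot-plant", "telemetry", now - 0.25,
                 {"tag": "PT-101", "value": 4.2, "setpoints": {"high": 5.0}})
    forwarded = guard(clean, "it-corp", audit, now)      # forwarded, setpoints stripped

    tampered = sign("ot-plant", "telemetry", now - 0.25, {"tag": "PT-101", "value": 4.2})
    tampered["body"]["value"] = 9.9                      # altered after signing
    guard(tampered, "it-corp", audit, now)               # reject:integrity

    wrong_label = sign("ot-plant", "command", now - 0.10, {"tag": "V-7", "open": True})
    guard(wrong_label, "it-corp", audit, now)            # reject:policy
    return forwarded, audit, border_metrics(audit)


if __name__ == "__main__":
    forwarded, audit, metrics = run_demo()
    print(json.dumps({"forwarded": forwarded, "metrics": metrics}, indent=2))
    for r in audit:
        print(r["source"], "->", r["dest"], r["label"], r["decision"])
```

The ordering inside `guard` is the point: integrity is checked before the label is even read, so a forged or altered envelope can never reach the policy or transformation stage, and the audit record stores the digest of what actually left the border rather than what was submitted, which is what a chain-of-custody review needs.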

The transition is not instantaneous and requires commitment: start with bounded pilots on high-impact flows, introduce cryptographic integrity mechanisms, and stop relying on the trust implied by crossing a domain. It also requires policy coordination: infrastructure modernisation in critical sectors must come with the resources and processes needed to remove manual bottlenecks without creating new exposure vectors. Without action, the gap between decision speed (driven by AI and automation) and control speed will remain the place where the adversary prefers to attack.

In conclusion, protecting data transfer between domains should no longer be treated as "network configuration" work and should become a strategic security objective. Those who secure the border and let data arrive with integrity and context gain not only resilience but also the ability to operate at the speed the mission or business demands. To start today: map flows, reduce manual handling, require cryptographic integrity, and choose solutions that enforce policy at the border rather than waiting for a human team to do it at the back of the queue.
