Kiteworks CISO Warns: National Security Data Is No Longer Protected by Network Boundaries

As national security operations become increasingly distributed and data moves across agency, contractor, cloud, and coalition networks, perimeter-based security models are no longer sufficient to protect mission-critical information, according to new insights from Frank Balonis, chief information security officer and senior vice president at Kiteworks.

Balonis’s analysis, supported by findings from the newly released Kiteworks 2025 Data Security and Compliance Risk: Data Forms Survey Report, reveals that sensitive data frequently travels far beyond the networks designed to safeguard it.

“The boundary you spent years fortifying ends long before your data stops traveling,” said Balonis. “A mission file created inside a secure government enclave may touch systems administered by contractors, cloud providers, and foreign partners. Your perimeter protections don’t go with it.”

Survey Shows High Incident Rates Despite Heavy Security Investment

The report examined how 324 organizations secure their most sensitive data-collection workflows and found:

  • 88% experienced at least one form-related security incident in the past two years
  • 44% suffered a confirmed data breach tied specifically to form submissions
  • 89% use web application firewalls
  • 92% rely on server-side validation
  • 82% deploy parameterized queries to prevent injection attacks

Despite widespread use of perimeter and platform defenses, incidents continue to rise.

“The perimeter looks solid on paper, yet attackers continue to reach the data,” Balonis said. “That’s because our controls sit at the edge of the network, not inside the data as it moves across organizations.”

The Hidden “Long Tail” of National Security Data Exposure

The survey found that low-volume workflows often collect some of the most sensitive information. In national security environments, these include:

  • Base-level administrative portals
  • Niche mission tools
  • Contractor-hosted systems
  • Coalition applications

“Individually, these systems seem minor. Together, they form a parallel network of mission-critical data that rarely sits behind your best-engineered perimeter,” Balonis said.

Why Network Boundaries No Longer Protect National Security Data

According to Balonis, two structural issues make perimeter security insufficient.

Controls do not follow the data. Mission files frequently cross into other environments—contractors, cloud platforms, allied networks—where governance and enforcement differ significantly.

“Once your data leaves the boundary, you’re relying on someone else’s security stack,” said Balonis. “That assumption breaks down quickly in multi-agency and multinational operations.”

Detection outpaces containment. While 82% of organizations have real-time monitoring, fewer than half have automated response capabilities. “You can’t stitch together a cross-agency response fast enough to stop the spread,” Balonis noted. “Attackers take advantage of that delay.”

What National Security Stakeholders Now Prioritize

Respondents placed the highest importance on:

  • Data sovereignty and residency
  • Validated cryptographic controls
  • Certifications such as FIPS 140-3, FedRAMP, ISO 27001, and SOC 2

“These are not perimeter concerns — they’re data properties,” said Balonis. “Which keys protect this file? Where does it reside? Can we prove these facts to auditors? Firewalls can’t answer those questions.”

Making Security Travel With the Data

Balonis outlines four practical strategies for embedding security directly inside national security data.

Object-Level Encryption

Mission files remain encrypted as discrete objects, using FIPS-validated modules, no matter where they travel.

Embedded Policy and Classification

Access rules, caveats, and sovereignty constraints stay with each file and enforce themselves wherever the file moves.

Per-File Audit Trails

Every interaction — access, sharing, forwarding, cross-border movement — is logged for CMMC, FedRAMP, and national-level oversight.

Zero Trust at the File Layer

Each attempt to open or share a file is evaluated in real time based on identity, device, location, and mission context.

“The only perimeter that matters now is the file,” Balonis said. “If encryption, policy, sovereignty controls, and audit don’t travel with the data, they won’t be there when you need them.”

The Way Forward

“Distributed, coalition-heavy operations demand protection that persists across networks no single organization controls,” Balonis concluded. “Security must live inside the data. Otherwise, it will keep leaking past the edges of every network we build.”