Beyond perimeters: Securing data for the zero-trust era

As the federal government races toward the fiscal 2027 deadline for advanced zero-trust implementation, agencies continue to struggle with one of its key pillars: to fully secure data in an environment where the battlefield is as digital as it is physical. For Shannon Vaughn, the General Manager of Virtru Federal, the answer lies in focusing on data-centric security.

“The federal mandates on zero trust are one, a paradigm shift—but absolutely critical,” says Vaughn in a new video interview produced by Scoop News Group for Virtru. “We’ve realized through different nation-state actors and hacking attacks that we really need to be able to move security down to the data object level, and we need to put in place a lot of flexible yet strong security.”

While agencies have made progress across identity, endpoints, networks and applications, Vaughn noted that the “data pillar is the hardest to get after.” With fewer than 500 days until agencies must demonstrate compliance with White House directives, many are still lagging. “Far too many agencies and militaries are behind the curve in really answering that data (requirement) well,” says Vaughn.

A cornerstone of the data-centric approach is the Trusted Data Format (TDF), an open standard created by the National Security Agency. “What TDF does is it applies protections onto the individual data objects themselves,” explains Vaughn. “Each individual object comes with its own security boundary, and it has both tags through attribute-based access control as well as encryption.” This allows agencies to share data confidently, since protections remain in place even after the data leaves their boundary. Access can be adjusted dynamically, and organizations maintain full visibility through auditability and traceability of who is using the data and how.

Vaughn pointed to Operation Highmast, a U.K.-led multinational naval exercise, as a real-world demonstration of this model. “Traditionally, to share data across nations, you’d stand up a new network,” he says. “By pushing security down to the data itself, you can have a single gold copy and let everyone federate in.” The exercise has enabled the U.S., U.K., Japan, Spain, Australia and others to share sensitive intelligence dynamically, a capability Vaughn called “the best example of data-centric security at scale.”

That momentum is accelerating with the emergence of the Zero Trust Data Format (ZTDF), which Virtru developed with its Five Eyes partners. “We expanded what TDF can do and moved it just out of a U.S. intelligence specification into a NATO standard,” says Vaughn. “It truly is the fastest I’ve ever seen nations pick up a new capability because they said, ‘Hey, this was the missing link to being able to do dynamic data-centric security.’”

For agencies, the takeaway is clear: the countdown clock is ticking, and the data pillar can no longer be ignored. “We’re really trying to give agencies a fast way to meet that mandate on the hardest part of zero trust: data,” says Vaughn.

Learn more about supporting zero-trust architectures with data-centric security from Virtru.

This video panel discussion was produced by Scoop News Group, for FedScoop and DefenseScoop, and underwritten by Virtru.