Recent academic research into commercial satellite communications revealed just how fragile communication paths can be. Researchers found that roughly half of the geostationary satellite signals they analyzed contained data transmitted without encryption.
The intercepted traffic included corporate backhaul data, maritime communications, and in some cases, government and military transmissions.
The finding revealed a gap between how customers perceive data security and how it is handled. Signals carrying phone calls, text messages, or military logistical data were sent in plain text, which anyone with relatively inexpensive ground equipment could intercept.
The vulnerability was simply an absence of encryption on the communications channel itself. The same pattern repeats across countless enterprise environments.
Information security teams may enforce multi-factor authentication (MFA), device posture checks, and segmented networks, but once data leaves the verified endpoint, it often passes through unmonitored channels.
The endpoint is trusted, the user is verified, but the path remains invisible.
Why secure communication fails in modern environments
Inside corporate networks, the most common leaks occur through routine tools rather than advanced attacks. Employees forward confidential documents to their personal email accounts to work from home or paste internal information into AI chatbots to speed up drafting and analysis.
A 2024 analysis found that more than a quarter of employees had pasted sensitive corporate data into AI tools, including confidential information shared by customers.
Cloud collaboration platforms present similar risks. Shared folders left open to “anyone with the link,” unsecured third-party integrations, and personal devices syncing corporate drives all bypass central controls.
Studies of cloud misconfigurations have repeatedly shown that large numbers of storage buckets and repositories are left exposed, many containing sensitive customer or employee data.
Messaging applications compound the problem. Even when encrypted, they still generate metadata, which can reveal sensitive patterns of behavior. Push notification platforms and cloud backup services sometimes store that meta data unencrypted, and smart assistants add another layer of risk by capturing background audio that may contain private or sensitive conversations.
None of these issues are particularly new, but together they show that some interpretations of the Zero Trust perimeter—verifying users and devices—leaves out a critical dimension: the route that data takes after it is sent.
How Zero Trust enables secure communication
If Zero Trust means never assuming safety, then communication channels must be treated with the same skepticism as endpoints. Every hop between devices, networks, satellites, or application programming interfaces (APIs) should be assumed hostile until proven otherwise.
That requires visibility, encryption, and verification, not just at the moment of access, but throughout transmission.
In satellite networks, that might mean mandating link-level encryption as a baseline rather than an optional feature.
In enterprise collaboration, it means enforcing encryption between internal and external tenants and validating that data-loss-prevention and monitoring tools extend into third-party applications.
For emerging AI workflows, it means treating model prompts and outputs as data in motion—subject to the same classification and protection policies as any other sensitive document.
Operationalizing Zero Trust at the communication layer requires enforceable control.
Communications-layer security also depends on understanding metadata and side channels. Encryption requires companion safeguards. Identifiers, timestamps, and routing details must also be protected.
The principle of least privilege applies here as well. Minimize the amount of metadata retained and restrict access to it as tightly as possible, in line with the underlying content.
The human factor in communication security
Technology alone cannot eliminate these risks. The real vulnerability often stems from everyday human behavior shaped by convenience.
This is a cultural challenge. Until organizations apply the same scrutiny to how data moves as they do to who moves it, they will be protecting only half of the attack surface.
Sending a document to a personal email may seem harmless, and pasting code into a chatbot might look like a quick fix, but each of these small actions can expose data beyond an organization’s control.
Training and awareness programs often focus on phishing and password hygiene, while ignoring data-handling norms. The result is a disconnect between what security teams believe is protected and what employees do.
Zero Trust in communications requires encryption, monitoring, and cultural reinforcement: clear rules about what data can leave sanctioned systems—and why those rules matter.
Securing communications across all channels
To fully secure communications, organizations need to bring every channel—wired, wireless, satellite, cloud, API, and voice—under one unified visibility framework.
Ongoing monitoring of data flows should make it clear where information is moving, who is accessing it, and whether it is leaving the boundaries it was intended to stay within.
Independent audits of external service providers, including satellite operators and cloud vendors, should confirm that encryption, key management, and access controls are properly implemented.
These steps extend Zero Trust from the endpoint to the transmission layer. Instead of verifying access only at the start of a session, the system verifies each transaction, ensuring that the communication itself meets the same standards as the device and user that initiated it.
That approach aligns with the fundamental principle of Zero Trust: assume breach. If a channel is compromised, segmentation and encryption limit the damage. Each connection must be isolated to prevent environment-wide exposure.
The role of automation and AI
Today’s networks produce more data than any team can reasonably monitor manually. Automated analytics and AI-powered monitoring can identify unusual patterns, such as files being sent to unexpected locations or transfers that are larger than usual.
However, these tools also require strong oversight to ensure they are used responsibly and within clear governance limits. Automated inspection of encrypted traffic, for instance, should comply with privacy laws and limit decryption to only what is necessary.
As machine-learning systems become an integral part of everyday business processes, companies must remember that every interaction with a model constitutes a form of data sharing.
The text entered, the responses returned, and even the prompts themselves can include sensitive details that current data-classification rules may not cover. Integrating AI systems into Zero Trust governance frameworks ensures that these exchanges are logged, encrypted, and auditable.
What Zero Trust really means for secure communication
Zero Trust was never intended to stop at device management. Its real purpose is to verify every interaction across the digital ecosystem.
In the context of communication, verification must include how data is transmitted, stored temporarily, and received.
Applying Zero Trust to communication requires three practical shifts.
- First, organizations must view every communication as a transaction, not a conversation—an event that can be authenticated, encrypted, and logged.
- Second, all communication channels, both internal and external, should be treated as untrusted until verified.
- Third, encryption and authentication must be embedded into day-to-day operations, not applied simply to satisfy compliance obligations.
Extending Zero Trust in this way does not diminish the model; it confirms it.
No single lapse, whether a misconfigured cloud share, an overlooked API, or an unsanctioned chatbot session, should be allowed to expose the wider environment.
The road ahead
The growth of communications security will take time. Regulations are beginning to recognize the need.
Satellite operators are drafting encryption mandates, and data protection agencies are emphasizing secure transmission in compliance audits. But technology adoption alone will not solve the problem.
Organizations must establish habits for continually verifying channels, vendors, and data flows, just as they do for users and devices.
Encryption must be assumed mandatory, not optional. Auditing and reporting must extend to every interface that moves information beyond the enterprise boundary. And employees must understand that every message, file, or prompt can become a liability if sent through the wrong channel.
To truly enforce an effective Zero Trust framework, teams should look beyond locking down devices and users. Granular control over conversations, links, and data paths is equally crucial.
As enterprise environments become more interconnected, communications increasingly span internal systems, cloud services, partners, and automated platforms.
These pathways represent the same attack surface as endpoints and identities and must be governed with the same rigor.
Applying Zero Trust consistently across these channels closes the gaps that attackers most often exploit, reinforcing the model rather than redefining it.
Cybersecurity is broken only when trust ends too soon. The goal of Zero Trust was never to wall off the network; it was to eliminate blind faith in any system or link.
To secure the future of communication, that principle must be taken literally—verify everything, including the path the message takes to reach its destination.
Read more: Overcoming the challenges of Zero Trust
