Secure Data Collaboration for Government: When Protecting Data and Sharing It Are No Longer a Tradeoff

Q: How does Seshat address the DoD Zero Trust Data pillar requirements?

The DoD Zero Trust Strategy identifies the data-in-use gap as the central problem its architecture is designed to solve. Most DoD systems encrypt data at rest and in transit. None encrypt data during active processing without a purpose-built continuous encryption capability. Seshat provides exactly that capability. It delivers encryption across all three states: at rest, in transit, and during active use. This completes the encryption lifecycle the DoD Zero Trust Data pillar requires and enables agencies to reach Advanced Level maturity in the Data pillar.

The most alarming detail about Salt Typhoon is not what the attackers took. It is how long they stayed.

Beginning in 2023 and remaining undetected for up to two years, Chinese state-sponsored actors penetrated at least eight major U.S. telecommunications providers. They did not simply steal data. They accessed the lawful intercept systems that U.S. law enforcement and intelligence agencies use for real-time surveillance of calls, messages, and data. They compromised the infrastructure governments use to share intelligence. They targeted presidential campaigns, State Department officials, and individuals already under U.S. surveillance. As of April 2026, the Senate Commerce Committee was still demanding AT&T and Verizon provide documentation that their networks had actually been secured; the telecoms have not convincingly demonstrated their claims that they have evicted the intruders.

Salt Typhoon did not break encryption. It did not need to. It reached data during the window when that data had already been decrypted for use. That is the window every adversary targets. That is the window the standard approach to data security leaves open.

Closing it requires a different architecture. Not better perimeter controls. Not additional access management layers. A data layer that stays encrypted even when everything above it has been compromised.

The Architecture Problem That Policy Cannot Solve

Salt Typhoon is the most visible recent example of a recurring problem. The current model for government data collaboration requires an impossible choice. You can share data and accept the exposure that comes with decrypting it for your partners to use. Or you can protect it and accept the mission degradation that comes with keeping it locked up. Every cross-agency task force, every coalition intelligence operation, every inter-agency analytical effort runs into this challenge. The data that would make the analysis better is on the other side of a classification boundary; or an organizational firewall that no one is willing to open because opening it means decrypting it.

Secure data collaboration for government means removing that wall without removing the classification boundary. It means allies can contribute to a common operating picture without either nation exposing its sources and methods. It means a federal analyst can query across agency datasets without those agencies handing over control of their most sensitive records. It means the data stays sovereign even as the intelligence becomes shared.

Zero Trust at the Data Layer: What Most Agencies Are Missing

The Department of Defense (DoW)’s Zero Trust Strategy has been explicit since 2022 that Zero Trust is ultimately a data-centric model. Its Data pillar requires encryption across all three states: at rest, in transit, and during active use. Most DoW systems encrypt at rest and in transit. None encrypt in use without a purpose-built continuous encryption capability. That gap is where adversaries operate. Salt Typhoon did not exploit a technical vulnerability. The joint CISA/FBI advisory confirms the group maintained persistent, long-term access to networks by reaching data during active processing. Nation-state actors are patient because the window is always there. Seshat closes it.

The CISA Zero Trust Maturity Model and Executive Order 14028 both point toward data-layer protection as the completion of a Zero Trust implementation. Identity and network controls determine who gets in. Continuous encryption determines what value they find when they do. Without the data layer, Zero Trust has a gap that adversaries know how to exploit.

Classification boundaries remain enforced at the data layer, not just at the access layer. A Secret-cleared analyst cannot see Top Secret data even if they reach the system during an active processing session. That is Zero Trust at the data layer; not just the identity and network layer.

Coalition Operations and the Sovereignty Problem

For coalition and allied operations, the architecture change is significant. No partnership illustrates the problem more clearly than AUKUS, a trilateral security agreement between the United States, the United Kingdom, and Australia established in 2021 to enable collaboration on advanced defense capabilities including nuclear-powered submarines, AI, and quantum technologies.

At its core is a data sharing challenge: how do three nations collaborate on the most sensitive defense programs while each maintains sovereign control over its own classified information? The standard answer has been carefully scoped data sharing agreements, declassifying information to a shareable level, or building separate parallel analytical environments. Each approach either exposes sensitive data or degrades the analytical value of the collaboration.

The better answer keeps data encrypted while enabling the collaboration. Allied forces can run queries against each other’s encrypted datasets without either party exposing the underlying information. Classification levels remain strictly enforced across the operation. Top Secret data stays inaccessible to Secret-cleared users even during collaborative analysis. Intelligence analysts gain the insights they need without either nation creating vulnerability in the process.

This is what Donoma calls the resolution of an “impossible triangle”. Three outcomes that have historically forced a tradeoff: security, performance, and effective multi-party collaboration. The architecture that delivers all three simultaneously now exists.

The Federal Civilian Agency Case

For federal civilian agencies, the implications are equally consequential. Agencies across the federal government hold data that would improve each other’s analytical capabilities. The barriers are not just legal and policy based. They are architectural. An agency that shares data in standard form loses control of it. An agency that keeps data in standard encrypted form loses the collaborative benefit.

The opportunity that continuous encryption creates is straightforward. An agency can contribute its dataset to a joint analytical operation without handing over clear text data. A partner agency can run queries and receive results without either party holding readable source data. The analysis runs. The data stays sovereign. Classification boundaries remain enforced throughout. What has historically required either a formal declassification process or a security waiver becomes a routine analytical operation.

That is not a marginal improvement. It changes what is possible. Joint operations that currently require months of legal review to establish data sharing frameworks could initiate in days. Analytical capabilities that currently sit behind organizational firewalls because no agency is willing to expose its data could be pooled without exposure. The mission value locked inside siloed agency datasets becomes accessible without unlocking the underlying data.

The architecture that enables this is the same one that closes the Salt Typhoon-class vulnerability. An adversary who establishes persistent access inside a Seshat-protected agency environment finds only ciphertext. An authorized partner who queries across agency boundaries gets results without getting data. Both outcomes flow from the same architectural decision.

The DoD Zero Trust Data pillar makes the requirement explicit: no component can reach Advanced Level maturity without solving the data-in-use problem. The same requirement applies to any agency operating under CISA Zero Trust guidance or Executive Order 14028. Donoma Seshat is the architectural solution to that specific requirement.

What Donoma Seshat Delivers for Government

The architecture problem that has forced the security-versus-sharing tradeoff in government operations for decades now has a technical solution. What is required is a continuous encryption capability that keeps data encrypted during active processing without sacrificing the analytical utility that makes sharing worthwhile in the first place.

Donoma Seshat delivers continuous encryption across all three data states. It deploys at the application layer without replacing existing agency infrastructure. It runs on standard CPUs in on-premises, air-gapped, secure cloud, and tactical edge environments. It operates at native speed, so analysts and operators experience no performance degradation on encrypted workflows. And it is post-quantum ready; which NSA and DoW have identified as a near-term priority for classified system protection.

The mission case is the business case. Agencies that can share data without decrypting it can run joint operations that are currently impossible. Analysts who can query across classification boundaries without exposure can see patterns that are currently invisible. Commanders who can correlate intelligence from allied partners without sovereignty compromise can make decisions with a fuller picture.

The architecture is ready. The time for action is now.

If you want to see how Donoma Seshat enables secure data collaboration in your agency or coalition environment, at native speed, in air-gapped and classified deployments, without specialized hardware, book a solution briefing with the Donoma team.

Frequently Asked Questions

What is the core barrier to secure data collaboration in government?

The barrier is architectural, not organizational. Standard encryption requires data to decrypt at the point of use. When an agency shares data with a partner for joint analysis, that partner holds a decryptable copy. If their systems are breached or an adversary establishes persistent access, the data is exposed. Salt Typhoon demonstrated this with clarity: Chinese state-sponsored actors maintained access to U.S. telecommunications infrastructure for up to two years, reaching lawful intercept systems and communications data not by breaking encryption but by accessing data during active processing. Security-conscious agencies respond by restricting sharing. Mission leaders see the analytical potential locked behind those restrictions. The architecture that resolves that tension keeps data encrypted during processing so sharing the data does not mean exposing it.

How does Seshat address the DoW Zero Trust Data pillar requirements?

The DoW Zero Trust Strategy identifies the data-in-use gap as the central problem its architecture is designed to solve. Most DoW systems encrypt data at rest and in transit. None encrypt data during active processing without a purpose-built continuous encryption capability. Seshat provides exactly that capability. It delivers encryption across all three states: at rest, in transit, and during active use. This completes the encryption lifecycle the DoW Zero Trust Data pillar requires and enables agencies to reach Advanced Level maturity in the Data pillar.

How does Seshat enable coalition data sharing while preserving national sovereignty?

Seshat enables allied partners to run queries against each other’s encrypted datasets without either party exposing the underlying information. Classification boundaries remain enforced at the data layer throughout the operation. Top Secret data stays inaccessible to Secret-cleared users even during collaborative analysis. Each nation maintains sovereign control over its classified information while contributing to and benefiting from joint intelligence analysis. The collaborative value is real. The sovereignty exposure is not.

What is the Impossible Data Triangle and how does Seshat resolve it?

The Impossible Data Triangle describes the three outcomes that government data sharing has historically forced organizations to trade off: security, performance, and effective multi-party collaboration. Traditional approaches could deliver two of the three but not all three simultaneously. Sharing data with partners compromised security. Protecting security degraded collaboration. Maintaining performance required decryption. Seshat resolves all three simultaneously. Data stays encrypted during processing, performance operates at near-native speed, and multiple parties can collaborate on shared encrypted datasets without exposure.

Can Seshat operate in air-gapped and classified environments?

Yes. Seshat deploys on-premises, in air-gapped environments, in secure cloud configurations, and at the tactical edge. It requires no external connectivity to operate and no changes to existing network architecture. It runs on standard CPUs with no specialized hardware requirement. Deployment adapts to whatever operational context the mission requires; from civilian agency to classified defense environments.

How does Seshat address insider threat risks in government environments?

Seshat protects against insider threats at the data layer. Even an authorized user with full session access cannot extract usable data from a Seshat-protected system. Any attempt to remove data results in encrypted hashes with no operational value. Database administrators can maintain systems without ever accessing unencrypted data. This directly addresses the DoD’s insider threat concerns at a technical rather than procedural level; eliminating the scenario where a credentialed insider becomes a data exfiltration risk.