by Valerio Pastore, Co-Founder, CyberGrant
There was one thing everyone already knew going into our Beyond the Perimeter event: the perimeter model was broken. What was not obvious was how openly practitioners were willing to talk about it — without the usual corporate filter.
Very openly, as it turned out.
The event's title was not rhetorical. It was a diagnosis.
Italy's ACN published a report just weeks before our meeting that captures the scale of the problem well: cyber incidents in Italy grew 53% in 2025 compared to 2024. That number is striking on its own — but it only counts reported and detected incidents. The actual volume is a multiple of that figure.
Today's business lives in cloud infrastructure, supply chains, SaaS platforms, and employee personal devices. Defending a physical perimeter in this environment is structurally incoherent. You are locking the door while the walls no longer exist.
Most security architectures are still designed around that door.
The Politecnico di Milano Security Observatory puts Italian cybersecurity investment at €2.8 billion, growing 12% year over year. The direction is right.
But from practitioners present at the event who manage security on the ground, a consistent frustration surfaced: more tools, more training, more policies — and yet risk perception does not come down. Budget grows; the sense of actual protection does not follow.
The reason is structural. Organizations keep buying tools designed to defend a perimeter that no longer exists. Every euro spent on perimeter security in a cloud-first, distributed environment has diminishing returns.
The most important question we addressed during the roundtable was this: what changes when you move protection from the perimeter to the data itself?
Some of the most candid exchanges came from practitioners with years of enterprise security experience. The observation was uncomfortable but precise: traditional DLP gets deployed, then abandoned within roughly two months. Not because organizations do not care about protecting data, but because the tool generates friction — false positives, blocked workflows, users who route around it because they have no practical alternative.
The problem is not the implementation. It is the model.
Traditional DLP is built on an assumption that no longer holds: data lives in a defined location, you protect it on the way out, you chase it down the exit channels. Today that data sits in cloud storage, shared drives, AI tools, email attachments, and unmanaged devices. There is no single exit to watch because the data is already everywhere.
The approach that actually works is the inverse: bring protection inside the file, not around the perimeter. If a document is encrypted at creation and stays encrypted wherever it goes, the exfiltration problem does not disappear — but it changes in nature. You no longer need to block every possible exit channel. You only need to make sure that whatever gets taken is unusable.
"Don't protect the exit. Protect the file at birth. The data becomes its own security perimeter."
One of the most animated discussions of the morning was Shadow AI, not the familiar Shadow IT problem of unsanctioned SaaS tools, but something newer and harder to govern: employees uploading confidential business documents to consumer AI platforms like ChatGPT, often in good faith, often without understanding what happens to that data once it is sent.
Prof. Greta Nasi, co-director of the Master in Cyber Risk Strategy and Governance at Bocconi and Politecnico di Milano, highlighted a point everyone recognized immediately as foundational: the moment a sensitive document enters a system you know little about, control is already gone. Before thinking about the file itself, the question is what is happening to the intellectual property, the strategic data, the operational context embedded in that document. Where does it go? What does it train? Who can access it?
What emerged clearly from the discussion is that this is not a technology problem. It is a governance problem.
Employees who upload sensitive documents to unsanctioned AI tools do it for two reasons: speed, or the absence of an approved alternative. They are not acting in bad faith. They are optimizing for their job. If we do not offer them something better, they will keep doing it.
The answer is not to block ChatGPT company-wide. It is to provide an equally capable alternative that is private, governed, and auditable. A private on-premise AI like AIGrant that processes internal documents without exposing them to public models, with department-level access controls and a full audit trail on every query.
There is a persistent psychological resistance to enterprise encryption. Propose encrypting files in a meeting and the doubts start immediately. People think about locked workflows, lost keys, processes that slow down.
We addressed this directly during the roundtable. The most precise answer: the problem is not encryption. It is badly designed encryption.
The reference model already exists. It is called BitLocker. Most Windows users have been relying on it for years without knowing. The disk is encrypted. No extra PIN, no perceptible slowdown, no friction. The security is there. The user does not notice it.
The objective is to apply the same logic to files, not just to disks. Every document should be encrypted at creation and remain readable for authorized users — on any device, in any cloud — while appearing as unusable data to anyone else. Without asking the authorized user to do anything differently from their current workflow.
With FileGrant, this translates to: CRYSTALS-Kyber encryption at file creation, post-share access control (including revoking access after a file has already been sent), screenshot blocking, and protection against AI scraping from external systems. All with an interface that does not ask users to "do security." The security is in the file.
Post-quantum cryptography came up early in the discussion — and it found real traction. This is not a future-state topic. It is an active risk.
The "harvest now, decrypt later" logic works like this: an attacker collects today's data encrypted with classical algorithms (RSA, ECC), stores it, and waits for sufficient quantum computing power to break the encryption. Data that appears protected today may be accessible in five to ten years.
For data with a long confidentiality horizon, strategic contracts, intellectual property, clinical data, critical infrastructure configurations, this risk is already operational. Not next decade. Now.
The reference standard adopted by NIST is CRYSTALS-Kyber, now FIPS 203 (ML-KEM), finalized in August 2024. This is not an advanced option for organizations that want to stay ahead. It is the algorithm that organizations with long-lifecycle sensitive data should be deploying today.
Another thread the roundtable surfaced: the economics of ransomware.
Ransomware works because of an asymmetry: the attacker takes data, makes it inaccessible or threatens to publish it, and demands payment. When the data is already encrypted with robust cryptography, that asymmetry collapses. Exfiltrating encrypted data is costly and low-yield. The ransomware supply chain has economics too: if the data cannot be monetized, it is not worth the investment.
This is not absolute protection. But it materially shifts the attacker's cost-benefit calculation — and the damage equation when an exfiltration does occur.
A consistent theme throughout the roundtable: cybersecurity can no longer be fully delegated to the CISO or the IT team. It has to be an executive-level accountability.
Not in the sense that every CEO needs to become a security engineer. In the sense that the consequences of a cyber incident today are not primarily technical. They are operational, reputational, legal, and in some cases national security issues.
Mario Ferloni, head of the Cyber Security Unit at the Municipality of Milan, illustrated this from the public sector side: large municipalities manage data on millions of citizens, must maintain essential services, operate under constrained budgets, and still need to ensure that regulatory compliance, NIS2 first and foremost, translates into actual security rather than paperwork.
Italy transposed NIS2 via Legislative Decree 138/2024, effective October 16, 2024. ACN Determination 127437 of April 13, 2026, is the current operational reference for essential and important entities. The regulation formalizes what mature organizations already practice: digital resilience is a board-level responsibility.
An attack on a hospital is not an IT problem. It is a public health problem. A disruption at an energy operator is not a technical glitch. It is a systemic risk. The gap between organizations that have internalized this and those still treating security as a departmental function will become visible at the next major incident.
Beyond the Perimeter was structured differently from a typical industry event. No stage, no vendor pitches, no marketing collateral. A closed roundtable among practitioners who work with these problems every day: enterprise CISOs, public sector security leaders, academics training the next generation of security strategists, and investors reading the market from a different vantage point.
What it produces is not a press release. It is a map of where the problem actually lives.
Three things the room took away with certainty:
The perimeter is already gone. This is not a prediction. It is a description of the present, and security architectures that have not yet registered it are accumulating silent risk.
Protection must move to the data. Not to exit channels, not to devices, not to the network boundary. To the file, from the moment of creation. Protection that follows the data wherever it goes, regardless of cloud platform, device, or transmission channel.
The technology exists. The bottleneck is cultural and organizational. The organizations that win are not those with the largest budgets. They are the ones that make security work without making users feel it as an obstacle.
Want to explore how these principles apply to your environment? Request a session on a scenario similar to yours.
Traditional DLP monitors data exit channels — email, USB drives, cloud uploads — and attempts to block the transfer of sensitive information. Its structural limitation is that it requires manual classification, generates false positives, creates friction with users, and is frequently abandoned within months of deployment. File-centric DLP moves protection into the document itself. The file is encrypted at creation and remains protected wherever it goes, regardless of channel or device. You are not chasing exits. You are making the data unusable outside its authorized context. With FileGrant, this includes post-share revocation: you can revoke access to a file even after it has already been sent.
Shadow AI is the use of unsanctioned consumer AI tools (ChatGPT, Gemini, and similar) by employees to process business data — typically for speed or because no approved alternative exists. Unlike Shadow IT, the risk is immediate and nearly invisible: a confidential document uploaded to a public AI service has left organizational control the moment it is transmitted. The solution is not a blanket prohibition. It is providing an equally capable private alternative. AIGrant is an on-premise AI platform that delivers the same processing capabilities without exposing data to public models, with department-level access controls and a full audit log on every interaction.
"Harvest now, decrypt later" is the practice of collecting today's data encrypted with classical algorithms (RSA, ECC) and storing it until quantum computing power becomes sufficient to break the encryption. For data with a long confidentiality horizon — strategic contracts, IP, clinical data, critical infrastructure — this is an active risk, not a future scenario. The NIST-adopted standard for post-quantum cryptography is CRYSTALS-Kyber (FIPS 203, ML-KEM, August 2024). FileGrant implements this algorithm natively in every encrypted file.
Italy's NIS2 implementation (Legislative Decree 138/2024, effective October 16, 2024) does not mandate a specific algorithm, but requires technical measures adequate to the risk, including data protection at rest and in transit. ACN Determination 127437 of April 13, 2026, is the current operational reference for essential and important entities. For organizations managing long-lifecycle sensitive data, migrating to post-quantum algorithms is consistent with the risk adequacy requirements the regulation establishes.
An attacker who exfiltrates files already encrypted with FileGrant faces unusable data. The core economic lever of ransomware — threatening to publish readable sensitive data — is significantly weakened when content is protected with CRYSTALS-Kyber encryption and keys reside in the customer's infrastructure (on-premise zero-knowledge mode). This does not eliminate ransomware risk entirely, but it substantially reduces the attacker's return on investment and limits downstream damage when an exfiltration occurs.
Yes. FileGrant works alongside — not instead of — an existing Microsoft stack. Integration with M365 adds file-centric encryption, post-share access control, and AI scraping protection to documents already in SharePoint and OneDrive — capabilities that the Microsoft platform alone does not provide. Deployment is on-premise or on nationally hosted cloud infrastructure, with no data transiting external systems.