Data in motion underpins nearly all the capabilities organizations depend on today. Automated fraud detection, hyper-personalized customer experiences and supply chain visibility all require data that moves fast enough to act on. As organizations scale their reliance on real-time data analytics and artificial intelligence (AI), the ability to move critical data quickly has become a foundational requirement.
However, that speed and criticality make security inseparable from the conversation. The more valuable the payload, the higher the cost of exposure, which is why securing data in motion has become a pivotal part of any data management program.
Data exists in one of three states at any given time — data at rest, data in use and data in motion. Most enterprise data passes through all three during its lifecycle. To illustrate the distinction, consider a spreadsheet:
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
At its core, data in motion follows a continuous pipeline: data leaves a source, travels across a network and arrives at a destination where it is processed or stored. The source can be almost anything—a database, a mobile app, an Internet of Things (IoT) device. From the moment of data collection, the cycle of data movement begins.
Rather than traveling as one intact file, data is broken into smaller units called packets, each tagged with routing information that tells the network where it’s headed. Those packets may take different paths across servers and nodes before arriving at their destination, where they are reassembled into their original format.
From there, the data movement cycle completes—information is either turned into actionable insights, handed off to another system or written to storage. The technologies behind this pipeline each handle a distinct stage of that journey:
At the point of initiation, event-driven systems react immediately to events such as purchases or login requests as they occur rather than waiting for a scheduled database poll. Event-driven architectures enable real-time data flows from the moment data is generated.
During transmission, platforms like Apache Kafka and Apache Flink keep data moving continuously rather than accumulating it into batches. Kafka captures and routes high-throughput data streams; Flink transforms, enriches and analyzes that data as it moves through the pipeline.
At the delivery stage, pipelines define the path data takes from ingestion through transformation to its destination. Application programming interfaces (APIs) standardize how systems communicate across that path, whether on-premises, in the cloud or across hybrid architectures.
For most of modern computing history, moving data was a deliberate, resource-intensive act. Files were transferred manually, pipelines ran on schedules and the volumes involved were modest enough that delays were tolerable. The decisions data supported could wait hours or days because the environments they informed moved at the same pace.
But batch architectures and fragmented data silos were built for a different era. In environments where fraud detection, patient monitoring and dynamic pricing are measured in milliseconds, scheduled pipelines introduce delays that render outputs obsolete before they arrive.
Organizations now operate across distributed systems and cloud environments that generate and consume data continuously. Real-time decision-making and seamless user experiences all depend on analyzing streams of information before they are ever written to storage. The window between data generation and action has essentially collapsed. In many use cases, any lag is failure.
Nowhere is this more acute than in agentic AI. AI-powered agents are designed to act autonomously rather than wait for human review—analyzing live data, triggering automation workflows and responding to customer interactions faster than any human could intervene.
When the data feeding those systems is stale or ungoverned, agents do not pause to question it. IDC projects that 80% of agentic AI use cases will require real-time, contextual data access, pushing organizations toward streaming architectures that can keep pace with autonomous systems.
Data in motion is inherently more exposed than data at rest. In transit, information passes through networks, intermediate systems and cloud environments where it is vulnerable to tampering and unauthorized access. A robust security strategy for data in motion requires multiple measures applied in concert, including:
Encryption is the foundational safeguard against unauthorized access. Most modern encryption methods rely on symmetric encryption algorithms—AES-256 being the widely adopted standard—which use a shared encryption key to scramble data into an unreadable format that only authorized parties can decrypt. Effective key management practices ensure that encryption keys are never exposed alongside the data they protect.
Transport layer security (TLS) applies these principles to encrypt data and establish a secure channel between endpoints, authenticating both parties and verifying data integrity in transit. Leading cloud service providers—including Microsoft Azure, AWS and IBM Cloud—support TLS 1.3 as the default standard across on-premises, hybrid and cloud-native environments.
For sensitive data traversing virtual private networks (VPNs), additional layers of data encryption may be applied to protect against insider threats or network-level compromise. For use cases requiring message-level protection, individual data payloads can be signed or encrypted independently using a private key, ensuring that sensitive information remains protected from malicious actors and unauthorized access.
Access management ensures that only authorized systems and users can initiate, receive or interact with data in motion. Role-based access control (RBAC) assigns permissions based on user roles, limiting exposure of sensitive data to those who need it.
Multifactor authentication (MFA) adds a second layer of verification, reducing the risk of unauthorized access from compromised credentials. These security measures are especially critical as data flows across multiple endpoints, APIs and third-party providers—each representing a potential vulnerability that cybercriminals can exploit.
Ensuring data arrives exactly as it was sent requires validation at every stage of transit. Cryptographic hash functions and schema validation checks flag anomalies and prevent corrupted or malformed data from propagating downstream into machine learning models, analytics systems or automated workflows.
Regulations make data protection a legal imperative in many industries. The General Data Protection Regulation (GDPR) mandates that personal data be protected during transmission with appropriate technical safeguards.
The Payment Card Industry Data Security Standard (PCI DSS) requires that cardholder data be encrypted across open, public networks. In healthcare, the Health Insurance Portability and Accountability Act (HIPAA) mandates encryption of protected health information in transit. For organizations operating across multiple jurisdictions, compliance is a layered obligation that follows data wherever it moves.
Data in motion is not confined to a single environment or channel. It flows across a wide range of systems and infrastructure, each with distinct security challenges and considerations. The types of data in motion include:
The most common form of data in motion is data traversing communication channels—across private networks, VPNs, the public internet or hybrid cloud environments. This includes file transfers between systems and APIs exchanging customer data between apps.
These data flows are a frequent target for hackers and cybercriminals, who exploit vulnerabilities in network infrastructure to intercept sensitive information through cyberattacks. Network security measures such as firewalls, intrusion detection systems (IDS) and secure communication channels help protect this data as it crosses boundaries between trusted and untrusted environments.
Data in motion also includes information moving to and from endpoint devices—laptops, mobile devices, hard drives and other storage devices that employees use to transfer and store data. When a laptop transmits intellectual property over an unsecured network or a mobile device syncs customer data to cloud storage, that data is in motion and exposed.
Endpoint-level security controls—including full disk encryption and data loss prevention (DLP) tools—help ensure that sensitive data remains protected even when devices operate outside the security perimeter. These tools specifically monitor and restrict the movement of sensitive information across endpoints, preventing unauthorized transfers before a data breach can occur.
As organizations shift workloads to cloud environments, an increasing share of data in motion flows between on-premises systems, cloud storage and cloud-native applications managed by third-party providers.
Securing data in cloud environments requires consistent permissions management, role-based access control and provider-level security controls. This level of security helps ensure that data moving between cloud services receives the same level of information security as data traversing internal networks.
With 86% of IT leaders prioritizing data streaming investments, the shift away from batch-oriented architectures is underway across several industries. Data in motion delivers the most value in environments where the speed of insight determines the quality of an outcome, such as:
Financial institutions depend on data in motion for fraud detection, real-time risk assessment and algorithmic trading. Streaming architectures allow fraud detection models to evaluate transactions against real-time behavioral patterns, catching anomalies before they complete rather than after harm is done. Credit risk algorithms that update continuously also better reflect current economic conditions, reducing the exposure created by big data models trained on datasets that no longer represent reality.
Healthcare organizations use data in motion to enable timely, data-driven clinical decisions. Real-time streaming of patient vitals from monitoring devices allows care teams to detect deterioration as it happens. When electronic health record (EHR) systems synchronize continuously across departments and facilities, clinicians work from a consistent, current picture of a patient’s condition.
Retailers rely on real-time data to optimize operational efficiency. When product availability or pricing is not synchronized in real time across platforms, the downstream effects ripple across both operations and customer experience. Scott Brokaw, Vice President of Data Integration at IBM, painted the picture at Think.
Enterprises generate continuous streams of telemetry data, from manufacturing sensors and connected vehicles to smart grid infrastructure. Architectures for data in motion allow organizations to process this data at the edge or in the cloud as it is generated, enabling predictive maintenance, real-time quality control and operational efficiency improvements.
Moving from batch to streaming architectures requires more than new technology, but rather an entirely new operating model that considers performance, governance and cybersecurity from the start. While not exhaustive, the following practices can help guide data-in-motion programs:
Ingestion patterns can be selected based on the rate of change in data sources alongside data storage costs or architectural convention. Use cases that require real-time decision-making demand architectures that streamline delivery and are scalable by design.
Governance policies that apply to data at rest must follow data as it moves. This means defining freshness service-level agreements (SLAs), enforcing schema standards at the point of ingestion, tracking lineage through the pipeline and applying access controls at every handoff.
Observability tools can track ingestion rates, transformation latency and data quality signals across the pipeline in real time. This visibility can also help surface issues before they reach production systems, dashboards, visualization layers or AI models.
Agentic systems require low-latency, continuous data access to function reliably. That means auditing existing pipelines for batch dependencies that could introduce lag, establishing data freshness thresholds tied to agent decision cycles and ensuring that governance policies follow data in motion rather than waiting for it to land at rest.
Stream, connect, process and govern your data, designed by the original co-creators of Apache Kafka®.
Make AI connected, trustworthy and actionable—so analytics and AI agents yield business value.
Successfully scale AI with the right strategy, data, security and governance in place.