Comment by AnthonyMouse

One-time anything doesn't work for security, not least because if they're trying to betray you they can change whatever they want as soon as your auditors leave the premises.

Notice also that you're only handling the entities large enough to do things in-house to begin with. Meanwhile one of the biggest problems here is industrial espionage, which is to say startups with interesting new technology.