Write access to sensitive files in spool directory source

I have a flume agent ingesting my files from spool directory source to hdfs
I'm a little concerned here because I'm forced to give write permission to my all important data files so that flume could rename the file. I understand flume does this to identify the processed files and avoid processing the same file again.
However data security is a critical concern here.
So at this point I wish if there were an alternative way so that I get my critical data ingested without compromising on their security