Dave Flanagan, Senior Principal Solutions Architect at Everfox, looks at secure data sharing in national security.
Data has become a decisive asset in modern national security. Across government, defence, and critical services, operational success now depends as much on how quickly and securely information can be shared and acted upon as on the ability to protect it.
Given this, the rise of data sovereignty in political agendas across the world is no surprise – shifting from a compliance requirement to a central pillar of national security strategy. Governments are rightly prioritising the control, localisation and protection of sensitive data. Yet this emphasis is also the root cause of a growing tension. By reinforcing sovereign boundaries around data, nations risk reducing the effectiveness of interoperability required to collaborate effectively with allies.
This tension does not need to be permanent, though. A modern architecture for data security makes it possible to preserve sovereignty while enabling agile data-sharing at mission speed.
When sovereignty slows mission speed
To see how integral data has become to national security, you need only look at the mission of initiatives like the U.S. Combined Joint All-Domain Command and Control (CJADC2), the UK Ministry of Defence’s Strategic Defence Review, and NATO’s Data Strategy for Alliance (DaSA). They all recognise that data must move seamlessly across classifications and allied environments to provide a decision advantage.
But operational realities often clash with strategic ambitions. Especially so when nationally driven strategies prioritise containment over connectivity, introducing delays in data exchange and manual workarounds. Everfox’s latest CYBER360 report illustrated the scale of this issue. 82 percent of security leaders at the frontline of national security point tobalancing sovereignty with coalition data sharing as a persistent challenge. This friction is exacerbated by a reliance on manual processes to move information that’s still common across defence departments and military organisations. Both issues are tied to the common structural mismatch between mission needs and existing security architectures.
Interoperability as strategic necessity
Delays in data sharing, incompatible systems, and manual workarounds create the exact conditions that allow interception, manipulation, or disruption of critical information flows. 54 percent of security leaders cite data tampering or theft as the most serious consequence of insecure transfer, while insider threats and human error amplify exposure. In highly classified environments, a single compromised credential or mishandled file can cascade across coalition networks, undermining intelligence, operational readiness, and mission assurance.
It’s therefore not an acceptable trade-off for increased data sovereignty to come at the cost of increased data sharing friction. But this doesn’t speak to anything intrinsically wrong with data sovereignty. Those efforts are crucial; we need to strive for security architectures that cater for both needs.
The journey towards a Zero Trust Architecture (ZTA) is currently one of the most pervasive security architecture transformation activities across commercial, government and defence organisations. Key enablers of the ZTA journey are complete knowledge of all of the data and services in the enterprise, full awareness of all the users (and processes) in the enterprise, and the ongoing validation and revalidation of every request by a user to access a service or data.This can lead to an “introspective” perspective on the ZTA journey.
This means reassessing the Zero Trust Architecture (ZTA) that’s commonplace across national security organisations. Zero Trust’s foundational principle (never trust, always verify) is essentially a sovereignty mechanism. Data stays where it should, access is auditable, and boundaries are enforced. In isolation, however, ZTA implies mechanisms for data sharing but does not provide clarity on how to define and use those mechanisms in the context of complex interoperability and collaboration. We’re now getting to the critical friction point that has to be resolved.
Balancing sovereignty and agility
Doing so requires the enforcement of sovereignty through secure, policy-driven dataexchange. This is where an integrated model combining ZTA, Data-Centric Security (DCS), and Cross-Domain Solutions (CDS) becomes essential.
Zero Trust provides the foundation, ensuring that no user or system requesting access to services and data is trusted by default. DCS builds on this with classification, labelling, and policy enforcement to ensure the sharing enabling attributes of all data travel with data across domain boundaries. This enables trusted access while preserving sovereignty across systems and partners. CDS then provides the necessary mitigations of risk associated with those partner system connections, and the movement of data into the enterprise. Together these enablers provide the operational capacity to share data between networks with different classifications, enabling high-speed, policy-enforced data exchange without compromising isolation or integrity.
Coalition environments expose a particularly challenging edge case for any security architecture. When data must move between allied nations’ networks, the assumptions underpinning isolated Zero Trust begin to fail. Carefully implemented DCS addresses some of these failures. CDS further addresses this by enforcing security throughout the data lifecycle, including at the domain boundary itself, through hardware-level protocol breaks and content reconstruction, so data can cross between allied networks without either party needing to extend trust into the other’s estate. What crosses the boundary is a verified, policy-governed output that the receiving domain can handle safely. The result is interoperability at mission speed, without the sovereignty trade-off that coalition data sharing has historically demanded.
Integration is critical. ZTA, DCS, and CDS must be designed to work together. Implemented in isolation, each has limitations; combined, they enable secure and scalable collaboration, delivering both agility and sovereignty.
From constraint to capability
The tension between data sovereignty and agile data sharing is often framed as a trade-off. In reality, it is a design challenge shaped by the demands of a heavily contested digital battlespace. Organisations that fail to tackle, and solve, that challenge face degraded mission assurance and weakened coalition effectiveness. In an environment where adversaries actively exploit fragmentation, the cost of inaction is a strategic disadvantage.
The path forward is clear. Security must move beyond perimeter-based models towards architectures that treat data as the central asset. Policy-driven interoperability, supported by modern cross-domain capabilities and reinforced by data-centric protection, allows nations to share mission-critical information quickly, safely, and reliably. Zero Trust alone is no longer sufficient, but combined with DCS and CDS, it forms the foundation for a sovereign yet agile security posture.
By adopting this integrated approach, governments and defence organisations can transform sovereignty from a constraint into an embedded aspect of data security without any contradictions. That’s a welcome respite in an increasingly complex digital battlefield.
