Data-centric security and NATO confidentiality labelling: Securing information in modern defence networks

Traditional security models were built around perimeter defence, meaning that if a network was secure, the data inside it was assumed to be secure as well. Today, this model is increasingly insufficient. Modern defence environments rely on distributed systems, coalition networks, and mobile operational platforms. Once data leaves its original network boundary, traditional protections may no longer apply.

Data-Centric security changes this model by embedding security controls directly into data objects. Each data element carries metadata describing its classification level, handling instructions, and permitted access groups. This ensures that protection travels with the data, regardless of where it is stored or transmitted.

NATO increasingly treats data as a strategic operational resource and aims to achieve “information superiority” by ensuring data is available, trustworthy, and secure at all operational levels. Within coalition operations, this is particularly important, as NATO operations routinely involve dozens of nations, each with its own classification systems and security policies. Without standardised, machine-readable security frameworks, sharing information safely and efficiently becomes extremely difficult.

The role of STANAG 4774 and 4778 in NATO Data Security

NATO has developed confidentiality labelling standards defined in STANAG 4774 and STANAG 4778. Together, these standards enable consistent and automated security enforcement across multinational systems.

STANAG 4774 defines the structure and syntax of confidentiality metadata labels. These labels attach classification information and policy constraints directly to data objects. For example, labels can define classification levels, apply release restrictions to specific nations or organisations, and set lifecycle rules such as review or expiry dates. These labels serve as digital equivalents of physical document markings in machine-readable format, enabling automated systems to enforce access controls without requiring manual review or interpretation.

STANAG 4778 complements this by defining how these labels are securely bound to data. This includes mechanisms for cryptographic integrity protection and digital signatures, ensuring that the data and its security label cannot be altered without detection.

Together, these standards support Confidentiality Metadata-Based Access Control (CMBAC), so that when a user or system requests access to data, their credentials are automatically compared to the data’s label. Access is granted only if policy rules are satisfied.

In coalition environments, this provides major advantages:

• Automated enforcement of national security caveats
• Reduced risk of accidental data leakage
• Faster decision-making through controlled data sharing
• Consistent handling across multiple IT systems

Advancing interoperability through CWIX

Technical standards alone are not enough: NATO must ensure these technologies function effectively in real-world coalition environments. This is where interoperability exercises such as the Coalition Warrior Interoperability Exercise (CWIX) play a critical role.

CWIX is NATO’s premier annual interoperability testing event, bringing together thousands of engineers, operators, and technical specialists from NATO, partner nations, and industry to test real systems under realistic conditions. The exercise focuses on ensuring digital interoperability, the ability for allied systems to work together seamlessly from the start of a mission.

Recent exercises have involved thousands of participants and hundreds of systems undergoing tens of thousands of technical tests across multiple operational domains. CWIX provides a controlled environment for testing, refining, and validating systems before deployment. Nations and vendors collaborate in rapid “test–fail–fix” cycles to identify and resolve interoperability challenges early. This approach reduces operational risk and ensures coalition forces can exchange data securely and reliably in real-world missions.

CWIX also plays a strategic role by supporting NATO’s digital transformation and enabling experimentation with emerging technologies, including AI-enabled systems, cross-domain data sharing, and next-generation command-and-control architectures.

As NATO increases its focus on data-centric security, technology providers are under growing pressure to demonstrate alignment with emerging standards. Isode is positioning its portfolio to support NATO’s evolving approach to confidentiality labelling and metadata-driven access control.

Isode is a UK-based software company specialising in secure communications and directory technologies for defence, government, and critical national infrastructure. The company’s solutions support mission-critical messaging, identity management, and information exchange in environments where interoperability, standards compliance, and high assurance are essential. With a long history of working alongside NATO and allied organisations, Isode focuses on enabling secure, standards-based data sharing across complex coalition networks.

The introduction of STANAG 4774 and STANAG 4778 is part of a broader push to improve the handling of sensitive information across coalition environments. These standards are moving from recommended practice toward becoming required for mission-critical software deployments, making early compliance an important differentiator. Isode is responding by building support for these standards across its product range. Some products already incorporate the required capabilities, while others are currently being updated, with full alignment expected in the near term. This broad integration effort is intended to ensure that access to information is controlled by the data itself rather than relying solely on the security of the surrounding infrastructure.

The company also emphasises its maturity in this area. Isode is among a small number of vendors currently positioned to align closely with the new NATO requirements, giving it an opportunity to move ahead of the curve as the standards become more widely mandated.

Validation through interoperability testing remains a key part of this strategy. Isode has participated in NATO’s Coalition Warrior Interoperability Exercise (CWIX) for approximately a decade, using the event to test prototype capabilities and ensure systems function as intended in multinational environments. Recent CWIX activities have included a strong focus on data-centric security, reflecting growing interest from NATO and the NATO Communications and Information Agency (NCIA).

Military messaging

Isode’s Harrier client supports military messaging using SMTP, STANAG 4406 and ACP 127, while the wider Isode messaging stack is built to handle formal military traffic, routing, profiling and interoperability with partner systems.

In a data-centric model, the significance of that messaging infrastructure is that messages are no longer treated as neutral payloads moving inside a trusted domain. Instead, security labels and associated clearance checks determine who may read, route or forward a message. Isode describes this in terms of Confidentiality Metadata-Based Access Control, or CMBAC, where delivery decisions are driven by the label attached to the message and the clearance of the user, mailbox or communications channel.

That is particularly relevant in coalition settings. According to Isode, M-Switch can map between STANAG 4774 labels and other label formats, and can also use labels and clearances to determine the appropriate transmission path. This means a message’s classification, releasability markings and policy constraints can shape whether it is delivered and how/where it is transmitted.

XMPP

Isode also brings the same security logic to XMPP, the open standard used widely in military chat and presence environments. 

XMPP is valuable because it supports low-latency communication without forcing every participant into a single centrally managed system. Isode’s work here focuses on ensuring that chat messages and related XMPP traffic can be labelled, checked and filtered in line with security policy rather than treated as uncontrolled conversational data.

Cross-domain guards

Isode’s cross-domain architecture centres on M-Guard, an XML guard operating as an application-level data diode, alongside edge components such as M-Switch Edge and M-Link Edge. Those products are used to validate traffic, constrain permitted message structures and enforce security-label checks at the boundary. 

Rather than applying only coarse network-level separation, the guard layer can inspect the structure of the content and the labels associated with it. This allows coalition data-sharing rules to be enforced with much greater precision, including exact matching of allowed labels, policy transformation between domains, and tighter control over which data objects may cross which boundary.

As military operations increasingly rely on cloud infrastructure, AI decision-support systems, and real-time coalition data sharing, controlling access at the data level will be essential. Instead of securing systems and hoping data remains protected, modern architectures assume data will move across environments, and must therefore protect it wherever it exists.

For defence organisations preparing for tighter data governance requirements, this combination of standards alignment and sustained interoperability testing highlights the increasing importance of practical, coalition-ready implementations. As NATO continues to formalise its data-centric security posture, vendors able to demonstrate early and comprehensive alignment are likely to play a significant role in supporting next-generation secure information-sharing architectures.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.