Key takeaways
- The Data Strategy for the Alliance, approved in February 2025, names data-centric security as one of five pillars and calls for shared data to be protected "at source" under rules the originator defines.
- The strategy’s 2030 goal is an Alliance Data Sharing Ecosystem built on federated data meshes, in which allies retain control over their data even as it moves between nations.
- Originator control over a file that has already been shared cannot be enforced at a network perimeter. It requires policy evaluated where the file lives, on every operation, against attributes like nationality, clearance, and dissemination markings.
- Standardized metadata (STANAG 5636) only changes outcomes if something enforces the labels. Label-aware access control and an immutable record of every operation are what turn the strategy’s principles into evidence.
In February 2025 NATO approved the Data Strategy for the Alliance, its blueprint for becoming a data-centric organization. The target is dated and specific: by 2030, an Alliance Data Sharing Ecosystem connected through the NATO Digital Backbone, where quality data moves between allies and communities instead of sitting in isolated repositories. The strategy rests on five pillars, and the third is the one storage and security architects should read twice. Data-centric security, as the strategy defines it, means shared data is protected at source, with allies and the NATO enterprise controlling their data under rules the originator sets.
Read that closely and the size of the demand becomes clear. NATO is asking for more sharing than the Alliance has ever done and undiminished national control at the same time. Thirty-two allies, each with its own infrastructure, laws, and classification practices, are being asked to publish data into federated data meshes while retaining authority over who touches it, forever, wherever it goes.
The sovereignty trade-off is a network-era artifact
For most of the digital era, coalition data sharing has been a choice between two failure modes. Guard the data inside national enclaves and you get sovereignty with silos: the French system cannot see what the Polish system knows, and the intelligence picture fragments along infrastructure boundaries. Open the enclaves to each other and you get sharing with surrender, because once a file crosses into another nation’s network, the originator’s control ends at the border it just crossed.
Coverage of the strategy makes the intended resolution explicit. At AFCEA’s TechNet International 2026 in Brussels, reported in SIGNAL, practitioners described the goal as interoperable data-centric security: every nation keeps its own infrastructure, and data moves between them in a trusted way. The trade-off between sovereignty and interoperability turns out to be an artifact of where enforcement lives. If policy is enforced at the network perimeter, sharing and control are opposites. If policy travels with the data and is enforced wherever the data is stored and served, the same file can be in five national systems under one originator’s rules.
What "protected at source" requires mechanically
Strip the policy language away and the strategy is describing a specific enforcement architecture. A file shared under originator-defined rules needs those rules evaluated every time any session touches it, not once at share time. That is attribute-based access control in the data path: nationality, coalition membership, clearance, program affiliation, and the file’s own dissemination markings (REL TO, NOFORN, and their kin) checked on each read and write, at the storage system serving the file over SMB, NFS, S3, and Web Drive.
The strategy also mandates standardized metadata through STANAG 5636 so data is discoverable across federated catalogues. Labels are the necessary first half of that architecture. The half that decides outcomes is whether anything enforces them at the moment of access, which is why label-aware enforcement at the storage layer matters more than any tagging exercise on its own.
Then there is the strategy’s requirement that shared data remain trusted and secure across its lifecycle. Between 32 allies, trust is not a posture, it is a record. An immutable, per-operation audit trail is what lets an originator verify, rather than hope, that its rules were honored: which sessions read the file, under which attributes, in which nation’s infrastructure.
One solution will not cover every facet of the mission
Enforcement also has to survive contact with the mission’s performance envelope. Alliance data is not all documents on file shares. A great deal of it is sensor output, video, and telemetry operated on in high-performance, low-latency streaming environments, where a policy check that adds seconds of delay is a policy check that gets bypassed. How data is operated on in those workloads needs protection just as much as the file estate does, and it needs protection at the speed the mission runs.
That reality points to a portfolio rather than a single product. Different solutions will need to come together to support data protection for every facet of the mission: primary file estates, streaming and edge workloads, archives, and the exchanges between them. The seams are hardest at domain boundaries. Moving data between classification levels and between national domains still runs through cross domain solutions, and there are real technical and policy challenges to overcome there: accreditation timelines, one-way transfer constraints, and release rules that differ from ally to ally.
The 2030 clock reaches further than NATO
Alliance strategies do not stay inside alliance headquarters. The pattern is familiar from CMMC: requirements written for a community flow down to the national programs, mission partners, and industrial-base contractors who build and operate alongside it. A 2030 ecosystem of originator-controlled sharing implies procurement language about data-centric security arriving in national and industry programs well before 2030.
Organizations that operate mission partner environments are already living the preview. A coalition MPE with per-partner storage silos is the small-scale version of the problem NATO just committed to solving at Alliance scale, and the answer is the same shape: shared infrastructure, attribute-based enforcement per file and per operation, and an audit record every partner can trust.
And none of this waits for 2030, because the threat has not waited. External advanced persistent threats work coalition networks today, and the credentialed insider remains one of the hardest problems in any classified environment. Allies want their data protected regardless of where it exists. That is where BrickStor SP, a Cyberstorage solution, earns its keep: Active Defense watches every file operation and terminates a session the moment it starts behaving like an adversary, while cyber vaulting keeps an immutable copy beyond the reach of whatever got in. The strategy has, in effect, stated the exam question for the next decade of defense data architecture. Who can share everything the mission needs while surrendering control of none of it?
Frequently asked questions
- It means protection is attached to the data itself rather than to the network around it. Policy is evaluated at the point of access, on every operation, using attributes of the user, the session, and the data’s own labels. A network-centric model asks whether you are inside the trusted boundary; a data-centric model asks whether this specific access, right now, satisfies the rules the data’s originator defined.
- Not directly today, but alliance-level requirements have a history of flowing down, as CMMC did from DoD policy to contract clauses. A 2030 target for federated, originator-controlled data sharing suggests that data-centric security language will increasingly appear in national and industry procurement for systems that touch coalition data.
- It is the strategy’s 2030 end state: a federated environment, connected through the NATO Digital Backbone, in which allies and NATO bodies publish, discover, and exploit data collaboratively, including for AI and machine learning, while each ally retains control over the data it originates.
- A STANAG, short for Standardization Agreement, is the mechanism NATO uses to make a standard binding across the Alliance: member nations commit to implement a common specification or procedure so their forces and systems interoperate. The data strategy leans on this machinery, most visibly STANAG 5636, which standardizes the metadata that makes shared data discoverable across federated catalogues.
- ACP 240 is an Allied Communications Publication that specifies how data-centric security is implemented for coalition sharing. Developed in the Five Eyes communications standards community (the Combined Communications-Electronics Board) rather than as a NATO STANAG, it defines how a data object carries its own protection: encryption, standardized confidentiality labels, and attribute-based access policy bound to the data itself, so enforcement holds wherever the object travels. It is an implementation layer beneath the kind of originator-controlled sharing NATO’s strategy describes, and the storage serving that data is where its labels and policies have to be honored.
Sources
Go deeper
