Why national security needs a different approach
Cloud-based communication platforms like WhatsApp, Microsoft Teams, Signal or Zoom are widely adopted and generally considered “secure enough” for everyday enterprise collaboration. For defence organisations, and other sensitive areas, that assumption does not hold.
Modern SaaS platforms require organisations to entrust their communications to vendor-controlled cloud services, frequently operated under foreign jurisdictions. In a defence context, where communications are intrinsically tied to national security and operational integrity, this loss of control is not a theoretical concern. It is a structural risk.
At the same time, commercial vendors continue to prioritise cloud-first offerings, leaving self-hosted and on-premise systems to stagnate. The result is familiar across defence environments; outdated, siloed communication platforms that no longer reflect how people actually need to work. Email remains the backbone of communication in many organisations, despite being ill-suited to real time coordination or sensitive operational use.
When official tools fall behind, shadow IT fills the gap
Where sanctioned communication tools fail to meet user needs, unofficial alternatives inevitably emerge. Consumer messaging apps such as WhatsApp, Telegram and Signal have quietly become commonplace within defence organisations, used for both professional and personal communication. This behaviour is rarely malicious. More often, it reflects a lack of suitable alternatives being made available. Simply banning these tools is rarely effective. They are intuitive, habitual, and deeply embedded in daily communication.
The challenge for defence organisations is not simply to prohibit the use of consumer messaging, but to offer an alternative that is just as usable and meets the requirements of the organisation; digitally sovereign, enterprise-grade and secure.
The challenges caused by centralised, vendor-controlled system
Consumer messaging apps are often seen as secure because they highlight end-to-end encryption. In reality, organisations have little control over the service itself, the influences it’s under or how data is governed. Centralised vendor-controlled architectures offer limited oversight, minimal auditing, and create single points of failure.
These risks are not theoretical. When an AWS datacentre in Northern Virginia failed, for example, hundreds of thousands of organisations - including Signal, Slack and Zoom - went offline showing how a single third-party failure can disrupt critical operations. For defence organisations, this highlights the operational risk of relying on cloud systems that cannot be governed, controlled or independently hosted.
A decentralised model for sovereign communications
In a volatile world, defence organisations require communications systems that are sovereign, resilient and fully under their control - while remaining able to connect with trusted partners. Achieving this demands a fundamentally different architectural approach.
A decentralised structure allows each organisation or nation to operate its own infrastructure under complete legal and operational control. It also provides a robust and resilient network that guards against global outages.
To make such a system practical, decentralised communication should be underpinned by an open standard to enable separate deployments to interoperate. Vendor-neutral federation allows each organisation - such as multiple allied forces - to maintain its own infrastructure while communicating multilaterally when and where it wishes across multinational operations.
An open standard for decentralised communications
Matrix is the leading open standard for secure, decentralised communication. Governed by the independent Matrix.org Foundation, it provides a common protocol designed from the outset to support sovereignty, interoperability and end-to-end encryption.
Rather than locking organisations into proprietary platforms, Matrix enables a diverse ecosystem of interoperable clients and servers, making it possible for defence organisations and partner forces to collaborate securely while retaining full control over their own systems. This approach has driven rapid adoption across government and defence, where control and transparency are non-negotiable.
From protocol to platform
In practice, a defence-grade Matrix deployment combines a secure, user-friendly messaging client with an enterprise-grade backend - such as Element Server Suite Pro - that provides identity management, auditing and controlled federation. This foundation enables modern, real time communication without compromising ownership or control.
This model is already proven. NATO ACT’s NI2CE Messenger demonstrates how decentralised, sovereign messaging can be deployed at scale, supporting secure BYOD communication while retaining organisational oversight and trust. Built on the Element client and powered by Element Server Suite Pro, NI2CE shows what is possible when secure communications are designed for the realities of defence.
The way forward
Defence organisations face a clear choice: continue relying on ageing systems and unsanctioned consumer apps, or adopt a communication model designed for sovereignty, security and interoperability from the ground up.
Our whitepaper explores how decentralised communications enable defence organisations to modernise securely, reduce shadow IT, and regain control over their communications infrastructure. It also includes a decision making tree on methods and options on how to create your own sovereign and secure messenger.
New whitepaper
Real time communication is mission-critical, but legacy systems and consumer apps put defence operations at risk.
Download
