Element
Sovereign Communications with Fine-Grained Data Governance
Element provides digitally sovereign, decentralized, and secure communications built on the Matrix open standard—the same protocol its leadership team created and continues to govern. Trusted by defense, intelligence, and government agencies in over 35 countries—including the German Bundeswehr, NATO ACT, the U.S. Department of Defense, and the United Nations—Element offers end-to-end encrypted messaging, voice, video, and file sharing with self-hosted options that meet the strictest national sovereignty requirements. The Element Server Suite (ESS) delivers enterprise-grade identity management, group-synchronized access control, and audit logging to support organizations operating at the highest security levels.
The Virtru Data Security Platform brings fine-grained data governance to Element's sovereign communications. By integrating Element's messaging fabric with Virtru’s Policy Decision Point (PDP) and Trusted Data Format (TDF), organizations gain persistent, attribute-based access controls for all group memberships and shared files. During user interaction, the PDP assesses real-time entitlements—such as security clearance, program assignment, and nationality—to provide instant access decisions. Additionally, files are wrapped in TDF before transmission, ensuring governance remains active throughout the file lifecycle and across all replication points.
This partnership centers on two unique integration points:
- Homeserver Policy Enforcement Point for Group Access: Element’s Policy Enforcement Point (PEP) operates alongside the Element Homeserver, implementing the Matrix Policy Server protocol (Matrix Spec Change 4284). When a user joins a group, the PEP validates the request against the Virtru PDP using entitlements like clearance level and program assignment. If an analyst’s clearance expires or a user changes programs, updates propagate from the identity provider to the Virtru platform, triggering Element to automatically revoke access—typically within minutes. This continuous validation eliminates the gaps often found in static group membership models.
- ZTDF File Protection Across Federation Boundaries: Files shared within Element are wrapped in Zero Trust Data Format (ZTDF), which cryptographically binds access policies to the file object itself. As files replicate across federated homeservers, embedded policies are re-evaluated at every open attempt, regardless of the destination server. If a coalition mandate expires or a program assignment changes, file-level access policies update instantly across all homeservers. This persistent governance ensures that data protection travels with the data rather than relying on network boundaries.
Virtru preserves Element’s infrastructure, group structures, and identity configurations while adding a crucial governance layer. This allows organizations to maintain sovereign communications while achieving rigorous, continuous data security.
- Policy-enforced group access automatically validates group membership against real-time identity entitlements to ensure seamless updates when clearance levels or program assignments change.
- Persistent ABAC at the file layer wraps sensitive files in Trusted Data Format (TDF) to enforce persistent, attribute-based access controls that remain with the data across any environment.
- Federated policy enforcement maintains consistent governance across complex networks by re-evaluating access policies automatically, without manual intervention, whenever user entitlements change.
- Fail-secure design blocks users who lack valid entitlements from joining groups, and during an entitlement-data outage leaves existing access unchanged rather than falling back to permissive.
- Decision-level audit logs capture comprehensive audit trails for every security decision, including group joins, file interactions, and access denials, to support national security oversight.
- Matrix standards contribution leverages the Matrix Policy Server protocol (Matrix Spec Change 4284) to seamlessly connect Element's messaging fabric to Virtru's central policy decision point.
Deploying fine-grained data governance at the message and file layer in an Element environment requires active deployments of both platforms, a configured Homeserver Policy Enforcement Point, and an authoritative Identity Provider sourcing the entitlements that govern access decisions.
- Element Server Suite (ESS) — provides the Element Homeserver managing user accounts, groups, and messages, and the Element Clients that users interact with; supports on-premises, sovereign cloud, and air-gapped deployment across national classified networks and partner federation environments
- Homeserver Policy Enforcement Point (Homeserver PEP) — the Element-side integration component deployed alongside the Homeserver that evaluates every group join request against the Virtru PDP before access is granted; implements the Matrix Policy Server protocol (Matrix Spec Change 4284)
- Virtru Data Security Platform — customer VPC or on-premises within the accreditation boundary; serves as the Policy Decision Point evaluating group access requests from the Homeserver PEP, and as the Key Access Service evaluating the access policy embedded in ZTDF-wrapped files at every open attempt across every homeserver where those files replicate
- Authoritative Identity Provider — Microsoft Entra ID, Ping Identity, or equivalent OIDC/OAuth2-compatible identity system holding clearance, program assignment, department, and nationality attributes the PDP evaluates at every access decision
- ABAC policy definition — per-group entitlement policy defined by authorized administrator and referenced by the PDP at every group access and file access decision
- Network connectivity — between Virtru Data Security Platform and Element homeserver services, within the accreditation boundary; the Homeserver PEP transmits only the minimum data required for each policy decision and receives an Allow or Deny
Security Architecture
The joint solution secures data by enforcing a strict separation of duties across all layers. While the Element Homeserver manages user accounts, groups, and messaging, the Homeserver Policy Enforcement Point (PEP) acts as an intermediary, intercepting group join requests and validating them against the Virtru PDP before granting access. Entitlement values are sourced exclusively from the organization's Identity Provider; the Virtru PDP receives only the minimum data required to issue an "Allow" or "Deny" decision, ensuring that no sensitive entitlement data is ever stored within the Element environment.
For file security, ZTDF cryptographically binds access policies directly to each object at the moment of sharing. Because policies are embedded within the file, the Virtru Key Access Service re-evaluates them at every open attempt—even as files replicate across federated homeservers—ensuring persistent governance regardless of the destination.
The system is designed to fail secure: users without valid entitlements are denied group access, and in the absence of entitlement data, existing memberships remain unchanged. Similarly, file access is denied if entitlement values are missing or incomplete, preventing any permissive fallback.
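The following is an added illustration, not Virtru's or Element's code, of the decision logic this section describes: the PEP/PDP split, attribute-based evaluation against a per-group or per-file policy, the fail-secure rules (a new join or file open with missing or incomplete entitlements is denied; an existing membership is left unchanged while the entitlement source is unavailable) and a decision-level audit log that records outcomes rather than raw entitlement values. It does not implement the Matrix Policy Server wire protocol (MSC4284) or the ZTDF container format; the class names, policy fields, clearance ranking and sample Matrix identifiers are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

ALLOW, DENY, UNCHANGED = "Allow", "Deny", "Unchanged"

# Ordinal ranking of clearance levels; constructed for the example.
CLEARANCE_RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Entitlements:
    """Attributes as sourced from the organisation's IdP (constructed fields)."""
    clearance: Optional[str] = None
    program: Optional[str] = None
    nationality: Optional[str] = None


@dataclass(frozen=True)
class AbacPolicy:
    """Policy attached to a group, or embedded in a file object (constructed fields)."""
    min_clearance: str
    programs: frozenset
    nationalities: frozenset


@dataclass
class Decision:
    result: str   # Allow / Deny / Unchanged
    reason: str


class PolicyDecisionPoint:
    """Hypothetical PDP: evaluates ABAC policies and keeps a decision-level audit log."""

    def __init__(self) -> None:
        self.audit: list = []

    def _record(self, subject: str, resource: str, action: str, decision: Decision) -> Decision:
        # Only the outcome and a reason are logged; raw entitlement values never are.
        self.audit.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "subject": subject, "resource": resource, "action": action,
            "result": decision.result, "reason": decision.reason,
        })
        return decision

    @staticmethod
    def evaluate(policy: AbacPolicy, ent: Optional[Entitlements]) -> Decision:
        """Fail-secure ABAC check: absent, incomplete or unknown attributes all yield Deny."""
        if ent is None:
            return Decision(DENY, "no entitlement data")
        missing = [n for n in ("clearance", "program", "nationality") if getattr(ent, n) is None]
        if missing:
            return Decision(DENY, "incomplete entitlements: " + ",".join(missing))
        # An unrecognised clearance label ranks below every requirement.
        if CLEARANCE_RANK.get(ent.clearance, -1) < CLEARANCE_RANK[policy.min_clearance]:
            return Decision(DENY, "clearance below required level")
        if ent.program not in policy.programs:
            return Decision(DENY, "program not authorised")
        if ent.nationality not in policy.nationalities:
            return Decision(DENY, "nationality not authorised")
        return Decision(ALLOW, "all attributes satisfied")

    def group_join(self, subject: str, group: str, policy: AbacPolicy,
                   ent: Optional[Entitlements]) -> Decision:
        """New join request forwarded by the PEP: allowed only when every attribute passes."""
        return self._record(subject, group, "join", self.evaluate(policy, ent))

    def revalidate_member(self, subject: str, group: str, policy: AbacPolicy,
                          ent: Optional[Entitlements]) -> Decision:
        """Continuous validation of an existing member. Modelling choice: an unavailable
        entitlement source (ent is None) leaves membership unchanged; a record that is
        present but no longer satisfies the policy revokes it."""
        if ent is None:
            return self._record(subject, group, "revalidate",
                                Decision(UNCHANGED, "entitlement source unavailable"))
        return self._record(subject, group, "revalidate", self.evaluate(policy, ent))

    def file_open(self, subject: str, file_id: str, embedded_policy: AbacPolicy,
                  ent: Optional[Entitlements]) -> Decision:
        """The policy carried by the file object is re-evaluated at every open attempt."""
        return self._record(subject, file_id, "open", self.evaluate(embedded_policy, ent))


if __name__ == "__main__":
    pdp = PolicyDecisionPoint()
    policy = AbacPolicy("SECRET", frozenset({"PROGRAM-A"}), frozenset({"US", "DE"}))
    alice = Entitlements("TOP SECRET", "PROGRAM-A", "DE")
    print(pdp.group_join("@alice:example.org", "!grp:example.org", policy, alice))
    print(pdp.group_join("@bob:example.org", "!grp:example.org", policy, None))
    print(pdp.revalidate_member("@alice:example.org", "!grp:example.org", policy, None))
    for entry in pdp.audit:
        print(entry)
```

The same `evaluate` routine serves both group joins and file opens, which mirrors the single PDP the page describes; only `revalidate_member` treats an outage differently, because the fail-secure rule for existing access is "static", not "deny".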
Compliance & Standards
This integration aligns with NIST SP 800-162 for attribute-based access control and NIST SP 800-207 for Zero Trust Architecture, while incorporating STANAG 4774 security labels to support NATO coalition operations. By connecting Virtru’s data governance layer to these frameworks, the solution ensures interoperability across classified allied environments.
The architecture is built on open standards: Virtru’s Trusted Data Format (TDF) and OpenTDF—evolved from NSA-developed technology—provide persistent protection, while Element leverages the Matrix open standard for decentralized communication. By implementing Matrix Spec Change 4284, the Homeserver PEP directly contributes to this open ecosystem.
Privacy & Data Sovereignty
Identity sovereignty is preserved by keeping entitlements within your organization's existing IdP. The Virtru Data Security Platform evaluates these entitlements from any OIDC/OAuth2-compatible source, with the Homeserver PEP transmitting only the minimum data necessary for each decision. No raw entitlement values persist in the Element environment. Furthermore, because ZTDF binds access policies to the data object itself, enforcement occurs at the Key Access Service layer, ensuring file governance persists across federation boundaries without storing policy logic on partner homeservers.