NIST building model for trusted IaaS
- By Gov Cloud Insider Staff
The National Institute of Standards and Technology has begun work on a practice guide for VMware hybrid cloud infrastructure-as-a-service environments.
The plan is to develop a cybersecurity reference design that can help increase security and privacy of cloud workloads on hybrid cloud platforms. NIST will demonstrate how trusted compute pools can not only assure that workloads in the cloud are running on trusted hardware in a trusted geolocation, but also improve the protections for the data within workloads and flowing between workloads.
The agency's National Cybersecurity Center of Excellence is developing a trusted cloud solution that will leverage commercial off-the-shelf technology and cloud services to lift and shift a typical multi-tier application between an organization-controlled private cloud to a hybrid/public cloud over the internet.
A consortium consisting of DellEMC, Gemalto, Hytrust, IBM, Intel, RSA and VMware are working with NIST to build this example solution.
Such a solution would help organizations – especially those in regulated sectors -- monitor, track, apply and enforce security and privacy policies on their cloud workloads in a consistent, repeatable and automated way. They would be able to maintain consistent security and privacy protections, dictate how different information is protected and retain visibility into how their information is protected to ensure consistent compliance with legal and business requirements.
Comments on the preliminary draft of the executive summary are due Sept. 30.