Trusted Cloud

In cloud environments, workloads are constantly being spun up, scaled out, moved around, and shut down. Organizations often find adopting cloud technologies is not a good business proposition because they encounter security and privacy issues, such as the inability to maintain consistent protections across platforms, dictate how different information is protected, and have visibility into how information is protected to ensure compliance with requirements. Many organizations face additional challenges because security and privacy laws vary around the world, and the dynamic nature of cloud means that workloads may silently move from one jurisdiction to another. The NCCoE has developed a trusted cloud project and supported resources that are dedicated to helping solve these challenges.

If you have questions or suggestions, please email the project team at trusted-cloud-nccoe@nist.gov.

Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

Exploring methods to better secure cloud workloads in hybrid cloud IaaS environments. Learn more about this project.

Supported Resources

Draft NISTIR 8320 Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation to any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. 

This report explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing. Draft NIST IR 8320 replaces the draft cybersecurity white paper, Hardware-Enabled Security for Server Platforms, which was released in April 2020. It has been updated to include some additional capabilities and examples of technology.

The public comment period for this draft NISTIR is now open through June 30, 2021. You can submit comments online or via email to hwsec@nist.gov.

 

NISTIR 8320A Hardware-Enabled Security: Container Platform Security Prototype

In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted.

This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a proof-of-concept implementation of the approach—a prototype—that is intended to be a blueprint or template for the general security community.

 

NISTIR 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation

This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The publication provides sufficient details about the proof of concept implementation so that organizations can reproduce it if desired. The publication is intended to be a blueprint or template that can be used by the general security community to validate and implement the described proof of concept implementation.