I can’t tell you how excited I am that my name is on this NIST document. I was working with my wonderful friend Tarik without knowing that this is what it would turn into. Now let’s talk about it…
The abstract for the document: This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The publication provides sufficient details about the proof of concept implementation so that organizations can reproduce it if desired. The publication is intended to be a blueprint or template that can be used by the general security community to validate and implement the described proof of concept implementation.
Why am I so grateful to have my name attached to this document? Because it implements additional security measures that reinforce the fact that security in the cloud is possible, and not in the old-fashioned sense of the word. In the physical world, security meant a lot of things, and yes, we didn’t need geolocation because everything was physical… but then virtualization came into our lives. Now the capabilities are almost endless. Then everyone started getting nervous because we weren’t looking at servers with applications… we were looking at servers that held multiple applications, and within minutes those applications could be states away… scary!
Using this NIST report as guidance within your data center allows you to “use trusted geolocation for deploying and migrating cloud workloads between cloud servers within a cloud”. Using the Intel TXT capabilities and RSA Archer obviously gives you the trust and visibility into the capability. You can’t ignore the fact that this capability is changing the “fear of the cloud” landscape. I thank NIST for taking this step. I thank them for realizing that taking the first step is all it takes. You have to read this document; it shows you that security in the cloud is possible… what is better than that?