The NIST document says geolocation calls for determining the appropriate physical location of an object, such as a cloud computing server. NIST says while this can be accomplished in "many ways, with varying degrees of accuracy," the "traditional geolocation methods are not secured and they are enforced through management and operational controls that cannot be automated and scaled, and therefore traditional geolocation methods cannot be trusted to meet cloud security needs."
NIST states in its document that the automated hardware-based root-of-trust method for enforcing and monitoring geolocation restrictions for cloud servers is based on the idea that the user organization can set up a unique identifier and platform metadata stored in tamperproof hardware as a way of confirming the location of a host.
The NIST document details how to set up the Intel-based TXT hardware components as well as VMware ESX clusters along with the RSA Archer eGRC governance and compliance management console, which presents a dashboard view of "trusted pools" and "untrusted pools."
NIST says, "the ultimate goal is to be able to use trusted geolocation for deploying and migrating cloud workloads between cloud servers within a cloud."
The approach based on hardware-assisted geolocation means, for example, that "you can say the workload is required to remain in the U.S. as long as the environment can enforce those labels," said HyTrust CTO Prafullchandra. She noted it's a way to have platform integrity and workload classification and placement based on data jurisdictions around the world.
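The placement check described above, as an added illustration that is not code from the NIST document, HyTrust or Network World: a host's boot measurements and provisioned geotag are covered by a simulated hardware quote (an HMAC stands in for the TPM signature), hosts are sorted into trusted and untrusted pools, and a workload labelled "US only" is placed only on a trusted host whose attested tag permits it. All PCR values, keys, host names and the jurisdiction label are constructed assumptions.

```python
import hashlib
import hmac

# Constructed known-good boot measurements, standing in for the TPM PCR values
# recorded during an Intel TXT measured launch (assumed values, not real ones).
GOLDEN_PCRS = {"pcr0": "a1" * 32, "pcr17": "b2" * 32}
# Constructed attestation key. In a real deployment the signing key never leaves
# the TPM; the HMAC below merely stands in for the TPM quote signature.
ATTEST_KEY = b"constructed-attestation-key"
NONCE = "verifier-nonce-0001"  # freshness value chosen by the verifier

def quote(pcrs, geotag, nonce):
    """Simulated TPM quote over the PCR values, the provisioned geotag and a nonce."""
    body = "|".join(f"{k}={v}" for k, v in sorted(pcrs.items()))
    body += f"|geo={geotag}|nonce={nonce}"
    return hmac.new(ATTEST_KEY, body.encode(), hashlib.sha256).hexdigest()

def make_host(name, geotag, pcrs, reported_geotag=None):
    """Constructed host record; the quote covers the geotag actually provisioned."""
    return {
        "name": name,
        "pcrs": pcrs,
        "geotag": reported_geotag or geotag,  # what the host software reports
        "quote": quote(pcrs, geotag, NONCE),  # what the hardware attests to
    }

def classify_host(host):
    """Assign the host to the 'trusted' or 'untrusted' pool; return its attested geotag."""
    expected = quote(host["pcrs"], host["geotag"], NONCE)
    if not hmac.compare_digest(expected, host["quote"]):
        return "untrusted", None  # reported geotag/PCRs do not match the quote
    if host["pcrs"] != GOLDEN_PCRS:
        return "untrusted", None  # platform integrity check failed
    return "trusted", host["geotag"]

def placement_allowed(workload, host):
    """A workload may run only on a trusted host whose attested geotag is permitted."""
    pool, geotag = classify_host(host)
    return pool == "trusted" and geotag in workload["allowed_regions"]

# Constructed sample workload and hosts
US_ONLY = {"name": "payroll-db", "allowed_regions": {"US"}}
HOST_US = make_host("esx-us-01", "US", GOLDEN_PCRS)
HOST_DE = make_host("esx-de-01", "DE", GOLDEN_PCRS)
HOST_TAMPERED = make_host("esx-us-02", "US", {**GOLDEN_PCRS, "pcr17": "ff" * 32})
HOST_LYING = make_host("esx-de-02", "DE", GOLDEN_PCRS, reported_geotag="US")
```

Only HOST_US satisfies both the integrity and the jurisdiction condition; a host with altered measurements or a software-reported tag that disagrees with the attested one lands in the untrusted pool.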
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE.