Trusted Cloud

In cloud environments, workloads are constantly being spun up, scaled out, moved around, and shut down. Organizations are often reluctant to adopt cloud technologies because of the security and privacy problems they encounter: they cannot maintain consistent protections across platforms, dictate how different classes of information are protected, or gain visibility into how information is protected in order to demonstrate compliance with requirements. Many organizations face additional challenges because security and privacy laws vary around the world, and the dynamic nature of the cloud means that workloads may silently move from one jurisdiction to another. The NCCoE has developed two trusted cloud projects and supporting resources dedicated to helping solve these challenges.

If you have questions or suggestions, please email the project team at trusted-cloud-nccoe@nist.gov.

Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

Exploring methods to better secure cloud workloads in hybrid cloud IaaS environments. Learn more about this project.

Security Practice Guide for Windows Private Cloud Infrastructure as a Service (IaaS) Environments

Exploring methods to better secure cloud workloads in private cloud IaaS environments. Coming soon. 

Supported Resources

Hardware Enabled Security for the Server Platform - A Layered Approach to Platform Security by Leveraging Hardware Security Mechanisms for Cloud and Edge Computing Use Cases

In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation to any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides initial protections to help ensure higher-layer security controls can be trusted. This white paper explains hardware-based security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.

NISTIR 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation

This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof-of-concept implementation that was designed to address those challenges. The publication provides enough detail about the proof-of-concept implementation that organizations can reproduce it if desired, and is intended to serve as a blueprint or template the general security community can use to validate and implement it.
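As an added illustration of the kind of control a trusted-geolocation proof of concept exercises (this is not code from NISTIR 7904 or the NCCoE builds), the following Python sketch shows an orchestrator deciding whether a jurisdiction-restricted workload may be launched on, or migrated to, a host. The host presents a signed attestation over its measured boot chain and a geolocation asset tag; the verifier checks the signature and nonce, that the measurement is in a known-good set, and that the tagged country is one the workload is allowed to run in. Everything here is constructed: the host names, keys and digests are hypothetical, and an HMAC key shared with the verifier stands in for the TPM-held asymmetric attestation key a real platform would use.

```python
"""Added illustration: a placement decision that checks a hardware-attested
platform measurement and geolocation (asset) tag before a workload is
launched on, or migrated to, a host. Not code from NISTIR 7904 or the NCCoE
builds; all keys, digests and host names below are constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Dict, Set, Tuple

# Constructed stand-in for per-host attestation keys. A real host signs its
# quote with a TPM-held asymmetric attestation key; an HMAC key shared with the
# verifier is used here only so the example runs offline.
HOST_ATTESTATION_KEYS: Dict[str, bytes] = {
    "host-a": b"host-a-attestation-key",
    "host-b": b"host-b-attestation-key",
}

# Constructed known-good measurement of the boot chain (not a real BIOS or
# hypervisor digest).
GOOD_MEASUREMENT = hashlib.sha256(b"bios-1.2+hypervisor-7.0").hexdigest()
KNOWN_GOOD_MEASUREMENTS: Set[str] = {GOOD_MEASUREMENT}


@dataclass(frozen=True)
class Quote:
    host: str
    measurement: str            # hex digest of the measured boot chain
    asset_tag: Dict[str, str]   # geolocation tag, e.g. {"country": "US", "state": "MD"}
    nonce: str                  # verifier-chosen freshness value
    signature: str


def _quote_body(host: str, measurement: str, asset_tag: Dict[str, str], nonce: str) -> bytes:
    # Canonical encoding so host and verifier authenticate identical bytes.
    return json.dumps({"host": host, "measurement": measurement,
                       "asset_tag": asset_tag, "nonce": nonce},
                      sort_keys=True).encode()


def make_quote(host: str, measurement: str, asset_tag: Dict[str, str], nonce: str) -> Quote:
    """Host side: sign the measurement and geolocation tag together with the nonce."""
    sig = hmac.new(HOST_ATTESTATION_KEYS[host],
                   _quote_body(host, measurement, asset_tag, nonce),
                   hashlib.sha256).hexdigest()
    return Quote(host, measurement, asset_tag, nonce, sig)


def verify_quote(q: Quote, expected_nonce: str) -> bool:
    """Verifier side: reject unknown hosts, replayed nonces and altered fields."""
    key = HOST_ATTESTATION_KEYS.get(q.host)
    if key is None or q.nonce != expected_nonce:
        return False
    expected = hmac.new(key, _quote_body(q.host, q.measurement, q.asset_tag, q.nonce),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, q.signature)


def placement_decision(q: Quote, nonce: str, allowed_countries: Set[str]) -> Tuple[bool, str]:
    """May a workload restricted to allowed_countries run on q.host?"""
    if not verify_quote(q, nonce):
        return False, "attestation signature or nonce invalid"
    if q.measurement not in KNOWN_GOOD_MEASUREMENTS:
        return False, "platform measurement not in known-good set"
    country = q.asset_tag.get("country")
    if country not in allowed_countries:
        return False, f"host geolocation {country} outside allowed jurisdictions"
    return True, "ok"


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios: a US-only workload evaluated against four hosts."""
    nonce = "7f3a9c"  # constructed; a real verifier draws this at random per request
    us_only = {"US"}
    trusted_us = make_quote("host-a", GOOD_MEASUREMENT, {"country": "US", "state": "MD"}, nonce)
    trusted_de = make_quote("host-b", GOOD_MEASUREMENT, {"country": "DE"}, nonce)
    # A host abroad relabels itself as US without re-signing: signature no longer matches.
    relabelled = replace(trusted_de, asset_tag={"country": "US"})
    # A host whose boot chain differs from the known-good measurement.
    modified_boot = make_quote("host-a", hashlib.sha256(b"bios-1.2+unknown-module").hexdigest(),
                               {"country": "US"}, nonce)
    return {
        "trusted_us": placement_decision(trusted_us, nonce, us_only),
        "trusted_de": placement_decision(trusted_de, nonce, us_only),
        "relabelled": placement_decision(relabelled, nonce, us_only),
        "modified_boot": placement_decision(modified_boot, nonce, us_only),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:14s} {'ALLOW' if ok else 'DENY '} {why}")
```

The ordering of the checks matters: the signature and nonce are verified before any field of the quote is trusted, so a host that edits its own asset tag (the relabelled scenario) is rejected for a bad signature rather than being evaluated on the forged country, and a replayed quote fails on the nonce even if every field is otherwise valid.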

Draft NISTIR 8320A Hardware-Enabled Security: Container Platform Security Prototype

In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted.

This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a proof-of-concept implementation of the approach—a prototype—that is intended to be a blueprint or template for the general security community.

The public comment period for this draft NISTIR is open through January 29, 2021. You can submit comments online or by email to hwsec@nist.gov.