How to ensure trusted geolocation of data in the cloud

Grazed from GNC.com. Author: William Jackson.

The National Cybersecurity Center of Excellence still is ramping up to full operational capability, but it has collaborated with industry to produce a scheme for ensuring trusted geolocation of work being done in the cloud. This first product was published as an interagency report by the National Institute of Standards and Technology to address the challenges presented when sensitive applications or computing jobs are moved into a cloud where the user does not have direct control of the infrastructure.

“We have released a demonstration of how the end user can validate that the workload is in a secure location, and trace it through a hardware root of trust,” said Nate Lesser, deputy director of the NCCOE. The draft report, “Trusted Geolocation in the Cloud: Proof of Concept Implementation,” is an example of the solutions to security challenges faced by government and industry that the center of excellence will produce. The center focuses on implementing existing technology rather than developing new ones…

The proof of concept provides a template that can be used by the general security community, with enough details so that it can be reproduced. “Shared cloud computing technologies are designed to be very agile and flexible, transparently using whatever resources are available to process workloads for their customers,” the report says in outlining the problem. “However, there are security and privacy concerns with allowing unrestricted workload migration.”…

Read more from the source @ http://gcn.com/articles/2013/04/30/ensure-trusted-geolocation-cloud.aspx