NIST states in its document that the automated, hardware-based root-of-trust method for enforcing and monitoring geolocation restrictions on cloud servers rests on one idea: the user organization provisions a unique identifier and platform metadata in tamperproof hardware, and uses them to confirm the location of a host.
The NIST document details how to set up the Intel-based TXT hardware components as well as VMware ESX clusters along with the RSA Archer eGRC governance and compliance management console, which presents a dashboard view of "trusted pools" and "untrusted pools."
NIST says, "the ultimate goal is to be able to use trusted geolocation for deploying and mitigating cloud workloads between cloud servers within a cloud."
The approach based on hardware-assisted geolocation means, for example, that "you can say the workload is required to remain in the U.S. as long as the environment can enforce those labels," said HyTrust CTO Prafullchandra. She noted it's a way to have platform integrity and workload classification and placement based on data jurisdictions around the world.
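The following is an added illustration of the workflow the article describes, not code from NIST, Intel, VMware, RSA or HyTrust. It models the three pieces in miniature: a host's tamper-resistant hardware produces a signed report of its platform measurement and geolocation tag; a verifier checks the signature, a fresh nonce and a known-good measurement, sorting hosts into "trusted" and "untrusted" pools; and a placement step admits a workload labelled "must remain in the U.S." only to trusted hosts whose attested tag says US. Host names, keys, measurements and geotags are constructed, and an HMAC with a per-host secret stands in for the asymmetric attestation quote a real TXT/TPM deployment would use (an assumption made to keep the example self-contained).

```python
import hashlib
import hmac
import json
import secrets

# Constructed per-host secrets standing in for keys sealed in tamper-resistant
# hardware (assumption: a real deployment would verify a signed TPM/TXT quote).
HOST_KEYS = {
    "host-a": b"constructed-key-a",
    "host-b": b"constructed-key-b",
    "host-c": b"constructed-key-c",
    "host-d": b"constructed-key-d",
}

# Constructed whitelist of acceptable firmware/hypervisor measurements.
GOOD_MEASUREMENT = "sha256:constructed-known-good-bios-and-esx"
KNOWN_GOOD_MEASUREMENTS = {GOOD_MEASUREMENT}


def hardware_attest(host_id, measurement, geotag, nonce):
    """Simulates the host's hardware signing a report over its measured
    platform state, its provisioned geolocation tag and a verifier nonce."""
    report = {"host_id": host_id, "measurement": measurement,
              "geotag": geotag, "nonce": nonce}
    payload = json.dumps(report, sort_keys=True).encode()
    tag = hmac.new(HOST_KEYS[host_id], payload, hashlib.sha256).hexdigest()
    return report, tag


def verify_report(report, tag, expected_nonce):
    """Verifier side: signature first, then freshness, then platform state.
    Returns (ok, reason) so the dashboard can say why a host is untrusted."""
    key = HOST_KEYS.get(report.get("host_id"))
    if key is None:
        return False, "unknown host"
    payload = json.dumps(report, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    if report["nonce"] != expected_nonce:
        return False, "stale/replayed report"
    if report["measurement"] not in KNOWN_GOOD_MEASUREMENTS:
        return False, "unexpected platform measurement"
    return True, "ok"


def build_pools(submissions):
    """submissions: list of (report, tag, nonce_issued_to_that_host).
    Trusted pool maps host -> attested geotag; untrusted maps host -> reason."""
    pools = {"trusted": {}, "untrusted": {}}
    for report, tag, nonce in submissions:
        ok, reason = verify_report(report, tag, nonce)
        if ok:
            pools["trusted"][report["host_id"]] = report["geotag"]
        else:
            pools["untrusted"][report["host_id"]] = reason
    return pools


def eligible_hosts(pools, required_country):
    """Placement policy: only trusted hosts whose attested tag matches the
    workload's jurisdiction label are eligible."""
    return sorted(h for h, geo in pools["trusted"].items()
                  if geo["country"] == required_country)


def demo():
    """Constructed scenario: four hosts attest, one US-only workload is placed."""
    nonces = {h: secrets.token_hex(8) for h in HOST_KEYS}
    # host-a: US, clean platform -> trusted and eligible
    r_a, t_a = hardware_attest("host-a", GOOD_MEASUREMENT, {"country": "US"}, nonces["host-a"])
    # host-b: clean platform but located in Germany -> trusted, not eligible
    r_b, t_b = hardware_attest("host-b", GOOD_MEASUREMENT, {"country": "DE"}, nonces["host-b"])
    # host-c: claims US but boots an unrecognised hypervisor -> untrusted
    r_c, t_c = hardware_attest("host-c", "sha256:constructed-unknown-hypervisor",
                               {"country": "US"}, nonces["host-c"])
    # host-d: signed as DE, geotag edited to US after signing -> signature fails
    r_d, t_d = hardware_attest("host-d", GOOD_MEASUREMENT, {"country": "DE"}, nonces["host-d"])
    r_d = dict(r_d, geotag={"country": "US"})
    pools = build_pools([(r_a, t_a, nonces["host-a"]), (r_b, t_b, nonces["host-b"]),
                         (r_c, t_c, nonces["host-c"]), (r_d, t_d, nonces["host-d"])])
    placement = eligible_hosts(pools, "US")
    return pools, placement


if __name__ == "__main__":
    pools, placement = demo()
    print(json.dumps(pools, indent=2))
    print("US-only workload may run on:", placement)
```

Only host-a survives both checks: host-b is trustworthy but in the wrong jurisdiction, host-c's platform measurement is not on the whitelist, and host-d's edited location no longer matches what the hardware signed, which is exactly the property the tamperproof tag is meant to provide.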