NIST Releases IR 8505, A Data Protection Approach for Cloud-Native Applications

NIST has published Internal Report (IR) 8505, A Data Protection Approach for Cloud-Native Applications, which outlines a practical framework for effective data protection using the capabilities of WebAssembly (WASM) — a platform-agnostic, in-proxy approach with compute and traffic processing capabilities that can be built and deployed to execute at native speed in a sandboxed and fault-tolerant manner.

In the constantly evolving landscape of cloud-native application architectures, where data can reside both on-premises and on the cloud, ensuring data security involves more than simply specifying and granting authorization during service requests. It also involves a comprehensive strategy to categorize and analyze access and leakage as data travels across various protocols (e.g., gRPC, REST-based), especially within ephemeral and scalable microservices applications.

Data in transit is one of the three states of digital data, according to the NIST Cyber Security Framework (CSF) 2.0. Hence, in addition to techniques for protecting data at rest (e.g., regular expressions), it has become essential to develop in-transit categorization that performs real-time analysis to actively monitor and secure data as it moves across services and network protocols.

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: nistir-8505-comments@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov