The next big idea coming out of the USA's IARPA program is "High CLaaS" - classified as a service. The big challenge is to provide a security specification for isolation and custody that can be measured by CSPs when providing a service. IARPA is suggesting to create isolation boundaries around server nodes using Bare metal as a service (BMaaS). Oracle, IBM, and AWS already provide BMaaS but what remains to be seen from IARPA is how they plan to measure isolation. Thoughts?