The case for dynamic security solutions in public cloud workflow deployments

Many enterprises are currently exploring the potential cost benefits of running applications in public clouds. Enterprises often have global security policies to ensure that its information management conforms to business rules and legal mandates. The location of data storage and application execution therefore becomes a critical issue. The prevalence of Service Oriented Architectures (SOA) means that applications are often composed from a set of services which form a workflow. The concept of running workflow instances on public cloud processing platforms is in its infancy. The scientific community still needs to define the security issues in public cloud workflow deployment and the requirements of possible solutions that will deal with those concerns. This paper aims to address this by exploring the current information security issues of public cloud workflow deployment within an enterprise setting and by identifying core requirements of solutions needed to deal with these challenges. We argue that enterprises would benefit from an automated and dynamic approach when selecting where to execute workflows and store data. This approach would choose what workflows, or subsets of workflows, can be executed in a public cloud environment while ensuring that enterprise security and compliance needs are met.