Enterprises are rapidly migrating or creating workloads of all levels of criticality to cloud environments, thanks to the convenient, on-demand, pay-as-you-go resource allocation model, and the ease of provisioning and deployment of machines and software. Even life sciences organizations, biomedical companies, and healthcare providers - who are subject to strict governmental regulations around data privacy and confidentiality – have joined this trend. In such applications it is necessary to provide resiliency, security, privacy, and performance, to a high degree, all at the same time.
Enterprise-class resiliency in the cloud (including the traditional areas of fault tolerance, high availability, disaster recovery, and planned outage prevention) has been extensively studied and, although cloud environments offer unique challenges, suitable solutions exist. However, meeting these resiliency challenges is greatly compounded by and interacts with the need for privacy-preserving cloud data access, confidentiality-assured cloud data operations, and extensive logging of security-related activities, all of which are mandated by regulations in many countries and several sectors (e.g., finance, biomedicine, and life sciences). As is well known, providing high levels of resiliency and security can have significant performance overhead, which in turn contributes to the challenges of providing adequate performance to the application.
Resiliency, security, privacy, and performance on the cloud are active areas of research and development for some time now, and numerous schemes have been developed to address one or a subset of these needs. However, integrating these schemes to coherently achieve all properties simultaneously is a hard problem, involving many tricky trade-offs – which must be solved to meet these applications’ requirements.
The objective of this one-day workshop is to explore methods for viably and coherently integrating the disparate disciplines of resiliency, security, privacy, and performance in the context of cloud environments. The topics of interest mirror those of general interest to the EDCC main conference as applied to this problem domain, notably:
- Cloud economics
- Interplay between safety, security, privacy, and performance
- Privacy-preserving cloud data access
- Protocols for confidentiality-assured cloud data operations
- Security and Compliance Management for cloud environments
- Performance implications of cloud resiliency, security, and/or privacy features
- Dependability modelling and tools, especially methods for measurement, comparison, and validation of cloud resiliency, security, and/or performance
- Testing and validation methods for cloud security, performance, security, and/or privacy
- Performance of cloud systems and applications
- Cloud Availability and Reliability
- Security as a Service
- Data protection as a Service
- Disaster Recovery as a Service
- Design Patterns for cloud security, resiliency, availability, and/or privacy
- Cloud Management and Operations