A.V. Tsaregorodtsev - Dr.Sci. (Eng.), Professor, Head of «Information Security» Department, Financial University under the Government of the Russian Federation. E-mail: AVTsaregorodtsev@fa.ru

Use of cloud computing applications and services requires review and adaptation of existing formal models for informational telecommunication systems security. Until now, the most critical issues in the construction of cloud computing infrastructure are aspects of information security. Achieving the goals of information security is a key factor in decision-making about the services of the outsourcing of information technology and, in particular, for the decision to migrate organization's information assets for different models of cloud services. Most organizations can not afford to protect all of their computing resources and assets due to budgetary constraints, so the transition to the new delivery model for IT services special attention should be paid to the security of information processing. In this regard, there is a problem of data processing security in a cloud computing environment, which requires the construction of a flexible IT infrastructure through a public cloud environment. At the same time, for the treatment of confidential information in the IT infrastructure it is necessary to include demilitarized components, the role of which can run private clouds controlled by the internal forces of the organization. To construct a formal workflows security model in a cloud computing environment the existing discretionary, mandate, role access control, security, information flow are considered as the basis of the model. In order to modify the classical security model Bell-LaPadula are proposed its extension to new key components with its subsequent interpretation to describe the information security requirements of working processes in a cloud computing environment. The proposed approach are considered as the basis for the automation of the separation workflows process within a hybrid cloud environment. This approach must replace the process of administrator selecting of possible variants of distribution processes, which is subjective and can result in an error. In place of the manual definition are proposed to introduce an automatic mechanism that implements the operation of the described method, which determines the required parameters on the basis of a strict set of rules, and then propose the best on the basis of the cost model. The proposed approach has the advantages that can reduce as potential security breaches and reduce the cost of IT infrastructure.