A method and system for secure message handling of an application across deployment locations. The application is divided into multiple processing nodes which process messages and can be deployed in multiple different locations. The application is analyzed to identify processing nodes referencing given data aspects having deployment constraints. It is ascertained whether one or more data aspects of the given data aspects are accessed by an identified processing node. If so, a restriction is determined for the identified processing node based on the deployment constraints of the accessed one or more data aspects and the identified processing node of the application is deployed according to the determined restriction for the identified processing node. If not, the identified processing node or a preceding processing node is marked to indicate a required tokenization of the one or more data aspects, wherein the tokenization removes the deployment constraints for the identified processing node.