Protect the API Keys to your Cloud Kingdom

API keys to become first class citizens of security policies, just like SSL keys

Much lip service is paid to protecting information in the Cloud, but the reality is often seat-of-the-pants Cloud security. Most organizations use some form of API keys to access their cloud services. Protection of these API keys is vital. This blog post will explore the issues at play when protecting API keys, and recommend some solutions.

In 2011, the sensitivity of API Keys will start to be realized, and organizations will better understand the need to protect these keys at all costs. After all, API keys are directly linked to access to sensitive information in the cloud (like email, sales leads, or shared documents) and pay-as-you-use Cloud services. As such, an organization that condones the casual management of API keys is at risk of: 1) unauthorized individuals using the keys to access confidential information and 2) the possibility of huge credit card bills for unapproved access to pay-as-you-use Cloud services.

In effect, easily accessed API keys mean anyone can use them and run up huge bills on virtual machines. This is akin to having access to someone’s credit card and making unauthorized purchases.

APIs – Let’s take a look at APIs. As you know, many Cloud services are accessed using simple REST Web Services interfaces. These are commonly called APIs, since they are similar in concept to the more heavyweight C++ or Visual Basic APIs of old, though they are much easier to leverage from a Web page or from a mobile phone, hence their increasing ubiquity. In a nutshell, API Keys are used to access these Cloud services. As Darryl Plummer of Gartner noted in his blog, “The cloud has made the need for integrating between services (someone told me, “if you’re over 30 you call it an ‘API’, and if you are under 30 you call it a ‘service’”) more evident than ever. Companies want to connect from on-premises apps to cloud services and from cloud services to cloud services. And, all of these connections need to be secure and governed for performance.”
