Over a million developers have joined DZone.

Cloud Security Podcast - The question of API Keys

· Cloud Zone

Download the Essential Cloud Buyer’s Guide to learn important factors to consider before selecting a provider as well as buying criteria to help you make the best decision for your infrastructure needs, brought to you in partnership with Internap.

I had a really good discussion with Kaitlin Brunsden from EbizQ on the topic of Cloud Security in general, and API Keys in particular. All too often, CISOs and IT managers do not realize that if their organization is using Amazon Web Services (AWS), for example, then the Secret Key ID used to authenticate to AWS is often sitting on a hard drive or coded into an application. This Secret Key ID, in combination with the Access Key ID (which is readily available through traffic logs) can be used by a malicious user to provision or terminate virtual machines, to access data in Cloud-based queues or databases, or just simply to run up a large charge which will then hit the credit card linked to the API keys. Vordel can help, by protecting the API keys in the same way that our products protect keys used in other contexts (e.g. private keys for SSL).

The podcast (complete with transcription) is here: http://www.vordel.com/news/articles/31-08-10.html



The Cloud Zone is brought to you in partnership with Internap. Read Bare-Metal Cloud 101 to learn about bare-metal cloud and how it has emerged as a way to complement virtualized services.


Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}