Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Cloud Security Podcast - The question of API Keys

DZone's Guide to

Cloud Security Podcast - The question of API Keys

· Cloud Zone
Free Resource

Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

I had a really good discussion with Kaitlin Brunsden from EbizQ on the topic of Cloud Security in general, and API Keys in particular. All too often, CISOs and IT managers do not realize that if their organization is using Amazon Web Services (AWS), for example, then the Secret Key ID used to authenticate to AWS is often sitting on a hard drive or coded into an application. This Secret Key ID, in combination with the Access Key ID (which is readily available through traffic logs) can be used by a malicious user to provision or terminate virtual machines, to access data in Cloud-based queues or databases, or just simply to run up a large charge which will then hit the credit card linked to the API keys. Vordel can help, by protecting the API keys in the same way that our products protect keys used in other contexts (e.g. private keys for SSL).

The podcast (complete with transcription) is here: http://www.vordel.com/news/articles/31-08-10.html

 

 

Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

Topics:

Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}