Cloud Security Podcast - The question of API Keys
by
Join the DZone community and get the full member experience.
Join For FreeI had a really good discussion with Kaitlin Brunsden from EbizQ on the
topic of Cloud Security in general, and API Keys in particular. All too
often, CISOs and IT managers do not realize that if their organization
is using Amazon Web Services (AWS), for example, then the Secret Key ID
used to authenticate to AWS is often sitting on a hard drive or coded
into an application. This Secret Key ID, in combination with the Access
Key ID (which is readily available through traffic logs) can be used by a
malicious user to provision or terminate virtual machines, to access
data in Cloud-based queues or databases, or just simply to run up a
large charge which will then hit the credit card linked to the API keys.
Vordel can help, by protecting the API keys in the same way that our
products protect keys used in other contexts (e.g. private keys for
SSL).
The podcast (complete with transcription) is here: http://www.vordel.com/news/articles/31-08-10.html
Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments