I wrote this piece recently for the Cloud Security Alliance for Infosecurity Magazine on Single Sign-On to the Cloud.
As a practitioner in this area, it is striking how service providers
such as Google Apps enable access to their service (corporate Gmail
inboxes, Google Docs) via API keys. In the case of Google Apps, the key
is used to sign a SAML 2.0 assertion sent up to log the user into their
email inbox.
I'm sometimes asked for Cloud security predictions.
One prediction I have is that it is only a matter of time when API keys
are stolen from an organization, and used to access resources such as
email inboxes and sales leads. CSOs are mostly not aware that these
keys, often sitting on hard drives or baked into apps, are vital to
protect. In the article I talk about the API key protection options. Check it out...
Join the DZone community and get the full member experience.
Join For FreeDownload the Essential Cloud Buyer’s Guide to learn important factors to consider before selecting a provider as well as buying criteria to help you make the best decision for your infrastructure needs, brought to you in partnership with Internap.
The Cloud Zone is brought to you in partnership with Internap. Read Bare-Metal Cloud 101 to learn about bare-metal cloud and how it has emerged as a way to complement virtualized services.
Topics:
Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}