Single Sign-On to Cloud services
DZone's Guide to
Single Sign-On to Cloud services
Join the DZone community and get the full member experience.
Join For FreeDiscover a centralized approach to monitor your virtual infrastructure, on-premise IT environment, and cloud infrastructure – all on a single platform.
I wrote this piece recently for the Cloud Security Alliance for Infosecurity Magazine on
Single Sign-On to the Cloud. As a practitioner in this area, it is striking how service providers such as Google Apps enable access to their service (corporate Gmail inboxes, Google Docs) via API keys. In the case of Google Apps, the key is used to sign a SAML 2.0 assertion sent up to log the user into their email inbox.
I'm sometimes asked for Cloud security predictions. One prediction I have is that it is only a matter of time when API keys are stolen from an organization, and used to access resources such as email inboxes and sales leads. CSOs are mostly not aware that these keys, often sitting on hard drives or baked into apps, are vital to protect. In the article I talk about the API key protection options. Check it out...
I'm sometimes asked for Cloud security predictions. One prediction I have is that it is only a matter of time when API keys are stolen from an organization, and used to access resources such as email inboxes and sales leads. CSOs are mostly not aware that these keys, often sitting on hard drives or baked into apps, are vital to protect. In the article I talk about the API key protection options. Check it out...
Learn how to auto-discover your containers and monitor their performance, capture Docker host and container metrics to allocate host resources, and provision containers.
Like This Article? Read More From DZone
Topics:
Published at DZone with permission of Mark O'Neill , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}