Single Sign-On to Cloud Services

It is only a matter of time until API keys are stolen from an organization

I wrote this piece recently for the Cloud Security Alliance for Infosecurity Magazine on Single Sign-On to the Cloud.

As a practitioner in this area, it is striking how service providers such as Google Apps enable access to their service (corporate Gmail inboxes, Google Docs) via API keys. In the case of Google Apps, the key is used to sign a SAML 2.0 assertion sent up to log the user into their email inbox.

I'm sometimes asked for Cloud security predictions. One prediction I have is that it is only a matter of time until API keys are stolen from an organization and used to access resources such as email inboxes and sales leads. CSOs are mostly not aware that these keys, often sitting on hard drives or baked into apps, are vital to protect. In the article I talk about the API key protection options. Check it out...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.
