API Keys, the Invisible Keys to Unlock Your Cloud Riches

Businesses are increasingly leveraging cloud computing to drive opportunities and efficiencies in their day-to-day operations. In response to the growing use of smartphones and the advent of cloud-hosted services, enterprises are engaging in new and innovative ways with their customers, employees, partners and suppliers to increase brand loyalty, generate new revenues and improve the overall business experience.

The key to these advances is the Application Programming Interface (API). In a nutshell, APIs are the rules that determine how applications interface with cloud-side service offerings, enabling enterprises to reach far beyond their own web properties to distribute data, content or services that have relevance to their business operations. Effectively, these APIs are the interface to the business services, and access to APIs is controlled by API keys. API keys are codes generated to control and manage access to these services, and most organizations use some form of API keys to access their cloud services.

Much lip service is paid to protecting information in the cloud, but the reality is often a seat-of-the-pants policy approach to Cloud security. As noted, the API keys control access to business-sensitive information in the Cloud, the riches of your cloud assets (e.g. email, sales leads, or shared documents), and to pay-as-you-use cloud services. As such, if an organization condones the casual management of API keys, it is at risk of: 1) unauthorized individuals using the keys to access confidential information, and 2) the possibility of huge credit card bills for unapproved access to pay-as-you-use Cloud-based services.

In effect, easily accessed API keys mean potentially anyone could use them to run up bills; this is akin to having access to someone's credit card and making unauthorized purchases. Yet despite this, API keys are often emailed around an organization without due regard to their sensitivity, or stored on file servers accessed by many people.

In summary, as organizations increasingly access Cloud computing services, readers need to ask themselves if they have implemented a corporate-wide policy for the protection of API keys, just as they have for passwords and private keys. The secure storage of API keys demands that operations staff can apply a policy to their key usage. It also means that regulatory criteria related to privacy and protection of critical communications are met. It is clear the casual use and sharing of APIs is an accident waiting to happen. As such, regardless of how an organization chooses to manage API keys, whether with a homegrown approach or an off-the-shelf product, the critical goal is to safeguard the access and usage of these keys.

For further reading on API keys, please reference the following article on the cloud computing Security Alliance blog: "Extend the enterprise into the cloud with single sign-on to cloud based services."

Hugh Carroll is VP of Marketing at Vordel, a provider of Cloud Gateways to protect, connect and accelerate enterprise to Cloud-based applications.

About Vordel

Vordel delivers fast, safe connectivity for SOA and Cloud Services. Vordel Gateway provides integration, security, governance, and acceleration for enterprise applications and Cloud-based services. Vordel Gateway enables Fortune 5000 enterprises and government agencies to extend their enterprise applications and SOA infrastructure beyond the perimeter to enable Cloud-based services and mobile computing. Vordel makes it possible to deliver and consume "Applications Anywhere" with existing IT applications and infrastructure, without costly upgrades and rewrites.