Dangers of API Keys In The Cloud
The keys to data in the cloud are there for the taking, says one security expert. Specifically API keys, used to identify applications or the application's use of an API, could be used by malware to evade host-based security.
According to Dark Reading, K. Scott Morrison, chief technology officer of Layer7 Technologies says "The problem is that developers have started using API keys for stuff that matters."
He stressed the problem isn't with the keys themselves. There are many implementations where the keys are used to authenticate users, which is not the intended purpose.
Others agree, according to Dark Reading. "There is a need to protect these cloud API keys," says Jeremy Westerman, director of product management at Vordel. "There is a lot of awareness in the industry about protecting, say, SSL keys ... Unfortunately, protecting API keys has not reached that level of awareness."