Expert Panel Has More Questions Than Answers When it Comes to API Security

The Cloud Security Alliance Summit brought together a panel of security experts on February 27 in San Francisco to examine the threats posed by API and cloud-based computing. But rather than providing guidance on how to mitigate security risks, they focused on the uncertain nature of security in an environment that is increasingly dominated by applications that use APIs to transfer data across the cloud.

One of the key benefits of APIs is their anonymous nature. In fact, it is their anonymity that is helping drive their growth. But the ease and speed at which API-based applications can be created has encouraged independent developers to jump into the fray without having to pay significant attention to security.

RSA Cloud Security Summit 2012 San Francisco

While the Wild West atmosphere may be seen as a threat by some, the biggest threat to personal Internet security is not APIs or small, independent developers but rather large companies “that collect massive amounts of data from people, including photos, documents, video, search and buying patterns,” panelist Bruce Schneier said.

Panelists pointed out the importance of OAuth, the token-based authentication system, in enabling individual users to authenticate with applications without surrendering their credentials. Because OAuth limits access to one application at a time, with limits on time and scope, it enables application authors to provide personalized services without having to manage security independently.

While OAuth may answer the security questions for individual use, as more businesses look to APIs to connect their applications across the cloud, it is inevitable that legitimate security concerns related to enterprise applications will arise.

Panelists included Philippe Courtot, CEO of Qualys; Don Godfrey, Security Consultant with Humana; and Matt Johansen, Threat Research Center Manager at WhiteHat Security, among others.



Comments (3)


great submit, very informative. I ponder why the opposite experts of this sector don't notice this. You must proceed your writing. I am sure, you have a huge readers' base already!