
How can I minimize cloud API security risks?

Without proper security measures, cloud APIs can be a gateway for hackers. So how do I ensure cloud API security?

Cloud application programming interfaces allow software developers to create code that interfaces with a cloud provider's services. But while critical to cloud applications, APIs also have an attack surface that can potentially compromise sensitive business data. This means providers and software developers need to prioritize cloud API security.

Sessionless security practices enable better scalability in the cloud

First, tactics such as including a username and password in the body of the request or in SOAP (Simple Object Access Protocol) headers are not secure. Instead, developers should use sessionless security practices such as HTTP authentication, token-based authentication or Web Services Security (WS-Security). Sessionless security also improves scalability for the cloud service, because any server can handle a user's request without session state having to be shared between servers.


Developers should determine whether an API performs secondary security checks, such as verifying that the user has the appropriate permission to view, edit or delete services and data. Once initial authentication is cleared, developers often overlook this secondary, authorization-level check.

Cloud providers and developers should test cloud API security against common threats, such as injection attacks and cross-site request forgery (CSRF). For the cloud service providers creating the APIs, testing is especially critical. However, users should independently verify cloud API security, as it is critical for auditing and compliance.

If encryption keys are part of the access and authentication methodology for API calls, store the keys securely and never hard-code them into a source file or script.
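The three points above (stateless token authentication, an authorization check on each resource after authentication, and keeping the signing key out of source code) fit together in a single request handler. The following Python is an added illustration, not code from the article; the HMAC token format, the permission table and the environment variable name API_SIGNING_KEY are constructed for this example.

```python
import base64, hashlib, hmac, json, os, time
from typing import Optional, Tuple

# Signing key from the environment (assumed variable name) or a secret store, never from
# source code. The fallback here is a constructed demo value for running the example offline.
SECRET_KEY = os.environ.get("API_SIGNING_KEY", "constructed-demo-key-do-not-use").encode()

# Constructed permission table: which user may perform which action on which resource.
PERMISSIONS = {
    "alice": {"instance-42": {"view", "edit", "delete"}, "instance-7": {"view"}},
    "bob": {"instance-7": {"view", "edit"}},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Stateless bearer token: b64(payload).b64(HMAC-SHA256(payload)). Any server that
    holds the key can verify it, so no session state is shared between servers."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user, "exp": now + ttl}, separators=(",", ":")).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"

def authenticate(token: str, now: Optional[float] = None) -> Optional[str]:
    """Verify the signature in constant time and check expiry; return the subject or None."""
    try:
        p, s = token.split(".")
        payload, sig = _unb64(p), _unb64(s)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    now = time.time() if now is None else now
    return claims["sub"] if claims.get("exp", 0) >= now else None

def handle_request(token: str, action: str, resource: str,
                   now: Optional[float] = None) -> Tuple[int, str]:
    """Authentication says who is calling; the secondary check says what they may do."""
    user = authenticate(token, now)
    if user is None:
        return 401, "invalid or expired token"
    if action not in PERMISSIONS.get(user, {}).get(resource, set()):
        return 403, f"{user} is not allowed to {action} {resource}"
    return 200, f"{action} {resource} accepted"
```

A real deployment would use an established token format and library rather than a hand-rolled one, but the separation of "who is this" from "what may they do on this resource" is the part that is commonly skipped.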

Perform API change reporting

While security is a key part of cloud API construction and use, it's also important to consider change logging and reporting features. These features help track user access to cloud resources, as well as data and configuration changes.

A software developer invokes one or more cloud API calls to change cloud-hosted data, launch new compute instances or alter the resources provisioned to a cloud instance. Each of these activities should produce a log trail that developers can conveniently access. Comprehensive logging can be critical for auditing, legal discovery and other compliance issues.

About the author:
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at sbigelow@techtarget.com.


This was last published in September 2015
