API Keys, the Invisible Keys to Unlock Your Cloud Riches
Written by Hugh Carroll, VP of Marketing, Vordel
Businesses are increasingly leveraging Cloud computing to drive opportunities and efficiencies in their day to day operations. In response to the growing use of smartphones and the advent of cloud-hosted services, enterprises are engaging in new and innovative ways with their customers, employees, partners and suppliers to increase brand loyalty, generate new revenues and improve the overall business experience.
The key to these advances is the Application Programming Interface (API). In a nutshell, APIs are the rules that determine how applications interface with cloud-side service offerings to enable enterprises to reach far beyond their own web properties to distribute data, content or services that have relevance to their business operations. Effectively these APIs are the interface to the business services and access to APIs is controlled by API keys. API keys are codes generated to control and manage access to these services and most organizations use some form of API keys to access their cloud services.
Much lip service is paid to protecting information in the Cloud, but the reality is often a seat-of-the-pants policy approach to Cloud security. As noted, the API keys control access to business sensitive information – or the riches of your cloud assets- in the Cloud (e.g. email, sales leads, or shared documents) and pay-as-you-use Cloud services. As such, if an organization condones the casual management of API keys they are at risk of:
1) unauthorized individuals using the keys to access confidential information and
2) the possibility of huge credit card bills for unapproved access to pay-as-you-use Cloud services.
In effect, easily accessed API keys means potentially anyone could use them to run up bills, this is akin to having access to someone's credit card and making unauthorized purchases. Yet despite this, API keys are often emailed around an organization without due regard to their sensitivity, or stored on file servers accessed by many people.
In summary, as organizations increasingly access Cloud services,readers need to ask themselves if they have implemented a corporate-wide policy for the protection of API Keys, just as they have passwords and private keys. The secure storage of API keys demands that operations staff can apply a policy to their key usage. It also means that regulatory criteria related to privacy and protections of critical communications are met. It is clear the casual use and sharing of API keys is an accident waiting to happen. As such, regardless of how an organization chooses to manage API keys, either using a home grown approach or off-the shelf product, the critical goal is to safeguard the access and usage of these keys.
For further reading on API Keys please reference the following article on the Cloud Security Alliance blog:
“Extend the enterprise into the cloud with single sign- on to cloud based services.”
Hugh Carroll is VP of Marketing at Vordel, a provider of Cloud Gateways to protect, connect and accelerate enterprise to Cloud connections.
Vordel delivers fast, safe, connectivity for SOA and Cloud Services. Vordel Gateway provides integration, security, governance, and acceleration for enterprise applications and Cloud based services. Vordel Gateway enables Fortune 5000 enterprises and government agencies to extend their enterprise applications and SOA infrastructure beyond the perimeter to enable Cloud based services and mobile computing. Vordel makes it possible to deliver and consume "Applications Anywhere" with IT's existing applications and infrastructure, without costly upgrades and rewrites. Follow us on twitter and our Blogs.
Intelliwave SiteSense boosts APTIM material tracking
“We’ve been engaged with the APTIM team since early 2019 providing SiteSense, our mobile construction SaaS solution, for their maintenance and construction projects, allowing them to track materials and equipment, and manage inventory.
We have been working with the APTIM team to standardize material tracking processes and procedures, ultimately with the goal of reducing the amount of time spent looking for materials. Industry studies show that better management of materials can lead to a 16% increase in craft labour productivity.
Everyone knows construction is one of the oldest industries but it’s one of the least tech driven comparatively. About 95% of Engineering and Construction data captured goes unused, 13% of working hours are spent looking for data and around 30% of companies have applications that don’t integrate.
With APTIM, we’re looking at early risk detection, through predictive analysis and forecasting of material constraints, integrating with the ecosystem of software platforms and reporting on real-time data with a ‘field-first’ focus – through initiatives like the Digital Foreman. The APTIM team has seen great wins in the field, utilising bar-code technology, to check in thousands of material items quickly compared to manual methods.
There are three key areas when it comes to successful Materials Management in the software sector – culture, technology, and vendor engagement.
Given the state of world affairs, access to data needs to be off site via the cloud to support remote working conditions, providing a ‘single source of truth’ accessed by many parties; the tech sector is always growing, so companies need faster and more reliable access to this cloud data; digital supply chain initiatives engage vendors a lot earlier in the process to drive collaboration and to engage with their clients, which gives more assurance as there is more emphasis on automating data capture.
It’s been a challenging period with the pandemic, particularly for the supply chain. Look what happened in the Suez Canal – things can suddenly impact material costs and availability, and you really have to be more efficient to survive and succeed. Virtual system access can solve some issues and you need to look at data access in a wider net.
Solving problems comes down to better visibility, and proactively solving issues with vendors and enabling construction teams to execute their work. The biggest cause of delays is not being able to provide teams with what they need.
On average 2% of materials are lost or re-ordered, which only factors in the material cost, what is not captured is the duplicated effort of procurement, vendor and shipping costs, all of which have an environmental impact.
As things start to stabilise, APTIM continues to utilize SiteSense to boost efficiencies and solve productivity issues proactively. Integrating with 3D/4D modelling is just the precipice of what we can do. Access to data can help you firm up bids to win work, to make better cost estimates, and AI and ML are the next phase, providing an eco-system of tools.
A key focus for Intelliwave and APTIM is to increase the availability of data, whether it’s creating a data warehouse for visualisations or increasing integrations to provide additional value. We want to move to a more of an enterprise usage phase – up to now it’s been project based – so more people can access data in real time.