Google improves security of cloud services

This means, for example, that a request from a web application to Google Cloud Storage can be authenticated via a certificate instead of a shared key, wrote Google product manager Justin Smith in a blog post.

"Certificates offer better security properties than shared keys and passwords, largely because they are not human-readable or guessable," he wrote.

Cloud-hosted developer services that can now authenticate application requests through Service Accounts are Google Cloud Storage; Google Prediction API; Google URL Shortener; Google OAuth 2.0 Authorization Server; Google APIs Console; and Google APIs Client Libraries for Python, Java, and PHP.

Google plans to add more APIs and client libraries to that list. The feature is implemented as an OAuth 2.0 flow and is compliant with draft 25 of the OAuth 2.0 specification, according to Smith.

OAuth is an open standard for authorization that allows users to share their private resources stored on one site with another site without having to hand out their credentials (typically a username and password), supplying tokens instead.

IDC analyst Stephen Hendrick said that Google has done well to focus on this initiative because security remains the main concern among users of cloud services, according to a report by PC Advisor.

According to Hendrick, initiatives like OAuth 2.0, and Google's decision to align its Service Account support with OAuth, are an important step forward in improving cloud security.

Gartner analyst Bob Blakley expects OAuth to evolve into a key identity-related standard. Organizations should keep an eye on this standard and consider whether and where OAuth fits or will fit in, he told attendees of the Gartner IAM Summit 2012 in London.

This story was first published by Computer Weekly
