Shadow API Detection for Google Cloud Environments in Preview - InfoQ.com | Canada News Media
Connect with us

Tech

Shadow API Detection for Google Cloud Environments in Preview – InfoQ.com

Published

 on


During Google Cloud Next, Google announced the preview release of shadow API detection in Advanced API Security, part of the Apigee API Management solution. This managed API Broker service in the Google Cloud allows users to design, secure, deploy, monitor, and analyze APIs.

Apigee’s advanced API Security capability proactively identifies misconfigured APIs and detects malicious bot and business logic attacks. Nils Swart, a group product manager at Google Cloud, and Shelly Hershkovitz, a product manager at Google Cloud, write in a Google blog post:

Previously, this protection was only available for actively managed APIs. Now, with the ability to discover shadow APIs in Advanced API Security, you can eliminate hard-to-find blind spots and close security gaps.

Overview of Advanced API Security (Source: Google Documentation Apigee)

Shadow APIs are not under a company’s control but are used by developers to save time on repetitive tasks, become less dependent on other teams, or fill a gap in the organization’s existing approved APIs. Although developers may have good intentions, these unregulated APIs can pose serious vulnerabilities when allowed to function freely within the organization’s software environment.

The company has recently integrated Advanced API Security with Google Cloud regional external Application Load Balancers. This integration allows for the precise identification of API traffic within specific regions, which helps to ensure compliance and meet performance requirements. The capability can extract key API details such as endpoints, platforms, protocols, parameters, and responses by analyzing requests and responses within the load balancers. This information offers accessible insights into API operations, activities, and recent updates through a provided user interface.

Detailed information on shadow API endpoints associated with your load balancer (Source: Google blog post)

Other cloud providers like AWS and Microsoft offer API management services like Apigee API Management and similar features. With regards to Shadows APIs:

  • AWS API Gateway integrates with AWS Web Application Firewall (WAF), which can provide a similar level of security in protecting against unauthorized and malicious API requests. Although it does not natively have a “Shadow API detection” feature, its combination of WAF and detailed logging and monitoring through AWS CloudWatch and AWS X-Ray can indirectly help identify and manage shadow APIs.
  • Azure API Management service features include Gateway-level threat protection, which can be used to identify potentially malicious activities that may involve shadow APIs. It also offers detailed analytics and logging, which can help track undocumented APIs.

Dan Mearls, a director of sales Apigee Enterprise at Google, posted on LinkedIn:

Shadow APIs pose significant business risks due to their frequent lack of robust security measures like authentication and authorization protocols. This makes them vulnerable targets for hackers, increasing the likelihood of data breaches and sensitive information leaks. Additionally, shadow APIs might bypass established data handling protocols, potentially leading to violations of data privacy regulations like GDPR or CCPA, resulting in substantial fines and severe damage to an organization’s reputation.

Lastly, the documentation for getting started provides more details on Advanced API security.

About the Author

Adblock test (Why?)



Source link

Continue Reading

Health

Here is how to prepare your online accounts for when you die

Published

 on

 

LONDON (AP) — Most people have accumulated a pile of data — selfies, emails, videos and more — on their social media and digital accounts over their lifetimes. What happens to it when we die?

It’s wise to draft a will spelling out who inherits your physical assets after you’re gone, but don’t forget to take care of your digital estate too. Friends and family might treasure files and posts you’ve left behind, but they could get lost in digital purgatory after you pass away unless you take some simple steps.

Here’s how you can prepare your digital life for your survivors:

Apple

The iPhone maker lets you nominate a “ legacy contact ” who can access your Apple account’s data after you die. The company says it’s a secure way to give trusted people access to photos, files and messages. To set it up you’ll need an Apple device with a fairly recent operating system — iPhones and iPads need iOS or iPadOS 15.2 and MacBooks needs macOS Monterey 12.1.

For iPhones, go to settings, tap Sign-in & Security and then Legacy Contact. You can name one or more people, and they don’t need an Apple ID or device.

You’ll have to share an access key with your contact. It can be a digital version sent electronically, or you can print a copy or save it as a screenshot or PDF.

Take note that there are some types of files you won’t be able to pass on — including digital rights-protected music, movies and passwords stored in Apple’s password manager. Legacy contacts can only access a deceased user’s account for three years before Apple deletes the account.

Google

Google takes a different approach with its Inactive Account Manager, which allows you to share your data with someone if it notices that you’ve stopped using your account.

When setting it up, you need to decide how long Google should wait — from three to 18 months — before considering your account inactive. Once that time is up, Google can notify up to 10 people.

You can write a message informing them you’ve stopped using the account, and, optionally, include a link to download your data. You can choose what types of data they can access — including emails, photos, calendar entries and YouTube videos.

There’s also an option to automatically delete your account after three months of inactivity, so your contacts will have to download any data before that deadline.

Facebook and Instagram

Some social media platforms can preserve accounts for people who have died so that friends and family can honor their memories.

When users of Facebook or Instagram die, parent company Meta says it can memorialize the account if it gets a “valid request” from a friend or family member. Requests can be submitted through an online form.

The social media company strongly recommends Facebook users add a legacy contact to look after their memorial accounts. Legacy contacts can do things like respond to new friend requests and update pinned posts, but they can’t read private messages or remove or alter previous posts. You can only choose one person, who also has to have a Facebook account.

You can also ask Facebook or Instagram to delete a deceased user’s account if you’re a close family member or an executor. You’ll need to send in documents like a death certificate.

TikTok

The video-sharing platform says that if a user has died, people can submit a request to memorialize the account through the settings menu. Go to the Report a Problem section, then Account and profile, then Manage account, where you can report a deceased user.

Once an account has been memorialized, it will be labeled “Remembering.” No one will be able to log into the account, which prevents anyone from editing the profile or using the account to post new content or send messages.

X

It’s not possible to nominate a legacy contact on Elon Musk’s social media site. But family members or an authorized person can submit a request to deactivate a deceased user’s account.

Passwords

Besides the major online services, you’ll probably have dozens if not hundreds of other digital accounts that your survivors might need to access. You could just write all your login credentials down in a notebook and put it somewhere safe. But making a physical copy presents its own vulnerabilities. What if you lose track of it? What if someone finds it?

Instead, consider a password manager that has an emergency access feature. Password managers are digital vaults that you can use to store all your credentials. Some, like Keeper,Bitwarden and NordPass, allow users to nominate one or more trusted contacts who can access their keys in case of an emergency such as a death.

But there are a few catches: Those contacts also need to use the same password manager and you might have to pay for the service.

___

Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.

Source link

Continue Reading

Tech

Google’s partnership with AI startup Anthropic faces a UK competition investigation

Published

 on

 

LONDON (AP) — Britain’s competition watchdog said Thursday it’s opening a formal investigation into Google’s partnership with artificial intelligence startup Anthropic.

The Competition and Markets Authority said it has “sufficient information” to launch an initial probe after it sought input earlier this year on whether the deal would stifle competition.

The CMA has until Dec. 19 to decide whether to approve the deal or escalate its investigation.

“Google is committed to building the most open and innovative AI ecosystem in the world,” the company said. “Anthropic is free to use multiple cloud providers and does, and we don’t demand exclusive tech rights.”

San Francisco-based Anthropic was founded in 2021 by siblings Dario and Daniela Amodei, who previously worked at ChatGPT maker OpenAI. The company has focused on increasing the safety and reliability of AI models. Google reportedly agreed last year to make a multibillion-dollar investment in Anthropic, which has a popular chatbot named Claude.

Anthropic said it’s cooperating with the regulator and will provide “the complete picture about Google’s investment and our commercial collaboration.”

“We are an independent company and none of our strategic partnerships or investor relationships diminish the independence of our corporate governance or our freedom to partner with others,” it said in a statement.

The U.K. regulator has been scrutinizing a raft of AI deals as investment money floods into the industry to capitalize on the artificial intelligence boom. Last month it cleared Anthropic’s $4 billion deal with Amazon and it has also signed off on Microsoft’s deals with two other AI startups, Inflection and Mistral.

The Canadian Press. All rights reserved.

Source link

Continue Reading

News

Kuwait bans ‘Call of Duty: Black Ops 6’ video game, likely over it featuring Saddam Hussein in 1990s

Published

 on

 

DUBAI, United Arab Emirates (AP) — The tiny Mideast nation of Kuwait has banned the release of the video game “Call of Duty: Black Ops 6,” which features the late Iraqi dictator Saddam Hussein and is set in part in the 1990s Gulf War.

Kuwait has not publicly acknowledged banning the game, which is a tentpole product for the Microsoft-owned developer Activision and is set to be released on Friday worldwide. However, it comes as Kuwait still wrestles with the aftermath of the invasion and as video game makers more broadly deal with addressing historical and cultural issues in their work.

The video game, a first-person shooter, follows CIA operators fighting at times in the United States and also in the Middle East. Game-play trailers for the game show burning oilfields, a painful reminder for Kuwaitis who saw Iraqis set fire to the fields, causing vast ecological and economic damage. Iraqi troops damaged or set fire to over 700 wells.

There also are images of Saddam and Iraq’s old three-star flag in the footage released by developers ahead of the game’s launch. The game’s multiplayer section, a popular feature of the series, includes what appears to be a desert shootout in Kuwait called Scud after the Soviet missiles Saddam fired in the war. Another is called Babylon, after the ancient city in Iraq.

Activision acknowledged in a statement that the game “has not been approved for release in Kuwait,” but did not elaborate.

“All pre-orders in Kuwait will be cancelled and refunded to the original point of purchase,” the company said. “We remain hopeful that local authorities will reconsider, and allow players in Kuwait to enjoy this all-new experience in the Black Ops series.”

Kuwait’s Media Ministry did not respond to requests for comment from The Associated Press over the decision.

“Call of Duty,” which first began in 2003 as a first-person shooter set in World War II, has expanded into an empire worth billions of dollars now owned by Microsoft. But it also has been controversial as its gameplay entered the realm of geopolitics. China and Russia both banned chapters in the franchise. In 2009, an entry in the gaming franchise allowed players to take part in a militant attack at a Russian airport, killing civilians.

But there have been other games recently that won praise for their handling of the Mideast. Ubisoft’s “Assassin’s Creed: Mirage” published last year won praise for its portrayal of Baghdad during the Islamic Golden Age in the 9th century.

The Canadian Press. All rights reserved.

Source link

Continue Reading

Trending

Exit mobile version