awakenings

asked on

AWS API Power

All,

    I've been investigating AWS solutions as of late.  I made a startling discovery.  The AWS API is capable of reading information off of individual files within instances.  This raises an alarm in my head.  I'm starting my research, but I am open to other thoughts and ideas.  Many of the solutions run off of the AWS API.  Is there a way to limit the power of the API?  Any thoughts from security professionals about the risk of AWS taking information off of instances?  Any way to limit or remove the AWS API?  Thoughts are appreciated.

Thanks,

Awakenings
SOLUTION
Phil Phillips
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
awakenings

ASKER

Phil,

    Thank you.  I was talking to a vendor who said they had DLP functionality with their product.  They look at files on a system then tie them back to individual types of data (PII, PCI, etc.).  They said they do this through API calls.  I am looking for more information on this.  If so, it means APIs have more access to the system than I was aware.

Thanks,

Awakenings
SOLUTION
Shalomc,

   Thank you.  When I asked point blank how do you capture information for DLP-like functions, their reply was through APIs - not agents.  In fact, they specifically said they do not connect to individual instances except through API calls.  Maybe the sales guy didn't know what he was talking about?  Other thoughts?

Thanks,

Awakenings
SOLUTION
SOLUTION
Both,

   It is not a DLP company.  Their product just happens to have DLP in it (they could be not telling me the truth, but).  In this case Elastica.  It leaves me scratching my head.

Awakenings
ASKER CERTIFIED SOLUTION
Thank you.  Sorry about the slow response.

Hey awakenings,

Out of curiosity - how did this end?

Shalomc,

    It turns out it was a sales tactic they used.  I was talking about AWS, and they were talking about Box.  So they have no DLP for AWS.  I'm now researching API Gateways despite this small victory.  They just make sense.

Awakenings