Public-key cryptography has proven to be a reliable method to protect networks and data, ensure the confidentiality of critical operations and communications, and authenticate the digital identity of people and devices. A public key infrastructure is based on certificates issued by a certificate authority (CA), a public or private organisation, usually operated on premises, which identifies the parties involved in a transaction and binds them to key pairs. Over the years the system worked flawlessly: organisations generated a key pair and a certificate signing request directly on the device where the certificate was to be installed and sent the request to the certificate authority, which signed it, issued the certificate and sent it back. There was nothing wrong with the world of data centers… and then there was the cloud.

Cloud applications are often built from microservices, which changes the way certificates are used for encryption and authentication. Microservice-based applications are connected by a service mesh, and every one of those connections, between containers, microservices, virtual machines and so on, must be secured. In addition, a reliable method is needed for each endpoint to prove its identity to the other; one can no longer rely on server names, IP addresses and hardware addresses.

This means that instead of issuing certificates tailored to each application and each device, which generally do not expire for a year or more, security teams are far more likely to issue short-lived certificates, valid for hours instead of years. In addition, the growing number of IoT devices and the certificates they require could tip the balance and further increase the number and complexity of the certificates issued.

As a result, existing CA solutions have not been able to adequately support cloud-based applications and the coming wave of IoT. This is a classic example of technology built for the data center that grew organically over years, even decades, and matured and ultimately flourished in those environments. But when containers and microservices moved into the cloud, these solutions could not provide the scalability, availability and seamless integration that modern applications need (they were developed long before modern cloud APIs existed). Worse, the old certificate process overwhelms IT and security teams and exacerbates the problem, leaving the teams even more stretched and error-prone.

Some organizations do not recognize the gap between their tried-and-true PKI practices and the needs of modern application delivery. They try to treat the cloud as a data center, essentially replicating on-premises operations in the cloud. The most common result of this approach is that they face most of the problems associated with the cloud and gain only a fraction of the benefits, being forced to sacrifice flexibility, time to market and ultimately revenue, because the solutions they try to use were not designed for the speed of the cloud. They carry their old mistakes as baggage into the cloud and start their cloud journey burdened with risk and with old and new problems alike. They also miss the opportunity to make things more secure, more flexible and better optimized during the migration.

Some DevOps teams decided that they could not rely on existing certificate tools and chose to develop their own. Of course, this creates a whole new set of problems, because the PKI team loses control of the certificate infrastructure: they don't know where the certificates are, how soon they need to be renewed, or even which applications or services they are tied to. And as we all know from the many examples of expired certificates that have caused service outages, this is not an outcome any company wants.
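The three points above (each mesh endpoint proving its identity by service name rather than address, certificates that live for hours rather than years, and the PKI team needing to know what will expire when) can be seen together in a small Go program. This is an added example, not code from the original post, from AppViewX or from Google CAS: it uses Go's standard crypto/x509 library to stand in for an issuing CA, and the CA name, the workload name payments.default.svc.cluster.local, the two-hour TTL and the one-hour renewal window are all constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key for tmpl, gives tmpl a random 128-bit serial and
// has the parent sign it (parent == nil means self-signed). Returns the parsed
// certificate and its key. This stands in for a real CA service.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewIssuerCA creates a self-signed CA valid for one year from now (constructed example CA).
func NewIssuerCA(name string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
}

// IssueShortLived issues a workload certificate that lives for ttl (hours, not
// years). The key is generated here for brevity; in a CSR flow it stays with the workload.
func IssueShortLived(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string, ttl time.Duration, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:     pkix.Name{CommonName: dnsName},
		DNSNames:    []string{dnsName}, // identity is the service name, not an IP or host
		NotBefore:   now.Add(-time.Minute),
		NotAfter:    now.Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}, caCert, caKey)
}

// VerifyPeer is what one end of a mesh connection does with the other end's
// certificate: chain it to the trusted CA, match the expected service name, and
// check validity at time now, so an expired short-lived certificate is refused.
func VerifyPeer(peer, caCert *x509.Certificate, expectedName string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedName, CurrentTime: now})
	return err
}

// CertSet is the PKI team's inventory: every known certificate keyed by where it lives.
type CertSet map[string]*x509.Certificate

// CertStatus is one row of an inventory report.
type CertStatus struct {
	Expired, NeedsRenewal bool
	Remaining             time.Duration
}

// Inventory reports, per known certificate, whether it has expired or is inside
// the renewal window; such a report is how a PKI team knows what to rotate and when.
func Inventory(certs CertSet, now time.Time, renewBefore time.Duration) map[string]CertStatus {
	out := make(map[string]CertStatus, len(certs))
	for name, c := range certs {
		left := c.NotAfter.Sub(now)
		out[name] = CertStatus{Expired: left <= 0, NeedsRenewal: left <= renewBefore, Remaining: left}
	}
	return out
}

func main() {
	now := time.Now()
	caCert, caKey, err := NewIssuerCA("example-internal-ca", now)
	if err != nil {
		panic(err)
	}
	name := "payments.default.svc.cluster.local" // constructed workload name
	leaf, _, err := IssueShortLived(caCert, caKey, name, 2*time.Hour, now)
	if err != nil {
		panic(err)
	}
	fmt.Println("now:", VerifyPeer(leaf, caCert, name, now), "| after 3h:", VerifyPeer(leaf, caCert, name, now.Add(3*time.Hour)))
	fmt.Printf("%+v\n", Inventory(CertSet{name: leaf}, now.Add(90*time.Minute), time.Hour))
}
```

VerifyPeer refuses the certificate after three hours and refuses it for any other service name, which is the mutual check each mesh endpoint performs; Inventory run ninety minutes in is what tells the PKI team that the certificate is still valid but already inside its renewal window. With a real CA service the issue function is replaced by the provider's issuance API, and the inventory is fed from the CLM system rather than a map in memory.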

Organisations that built their cloud infrastructure from scratch tend to do better, but they too have had their share of problems with digital certificates. Some have tried to build their own modern CA, but even the largest organizations that invest heavily in security quickly realize that they lack the extra budget or expertise to run the certificate issuance process on their own.

So what do you do when you need something but can't build it yourself? Of course, you outsource! And who better to outsource a cloud CA service to than your own trusted cloud provider, especially one that has already proven itself securing your infrastructure: Google.

Ultimately, digital certificates are used to protect infrastructure, and Google already has a great deal of experience in this area, for example with Kubernetes, a distributed cluster technology that automatically generates the certificates it needs. Until recently, this mostly happened behind the scenes, but companies needed a way to integrate a CA for both traditional and cloud-native applications, so Google decided to offer its customers a dedicated CA service.

The new CAS is built on the same principles Google uses to deliver scalable, highly available services across regions. The service can be used today, although it is still in beta. It adapts to the needs of today's businesses and gives DevOps the speed and agility it needs. At the same time, it lets the PKI team keep oversight of its security infrastructure and comply with the regulations that apply to certificates. This goes beyond what a traditional certificate authority offers, in both security and agility.

In addition, mature organizations that have developed a certificate lifecycle management (CLM) practice can expect the new CAS to integrate with leading CLM solutions. Google CAS supports multiple partners, including AppViewX.

Outsourcing PKI management to a cloud service provider is a logical choice for any organization advancing its digital transformation projects. Not only does it provide future-proof technology that is scalable, affordable, reliable and extensible, it can also deliver significant cost savings and support growth while improving security and regulatory compliance.

