Scaling Certificate Management for Cloud-Native Innovations with Google CAS

The breakneck speed of technological innovation in the last decade has led to an explosion of interconnectivity. From cloud computing to 5G networks to the Internet of Things, our world grows increasingly connected. Most modern systems comprise vast arrays of connected devices that deliver services to businesses and consumers. To properly implement the latest advances in technology, these interconnected devices must rapidly verify identity with each other.

Traditionally, the role of establishing device-to-device trust was handled by certificate management systems, or Certificate Authorities (CAs). However, these legacy systems are ill-equipped to keep pace with the requirements of cloud-native applications. That is why Google Cloud has launched its Certificate Authority Service (CAS): to support the ability of businesses to integrate and maximize the use of the world’s latest innovations.

In conjunction with the release of CAS, Google’s Anoosh Saboori, its Head of Security Solution Strategy, Anton Chuvakin, and I recently released a whitepaper explaining the significance and key uses of the CAS system.

Scaling Certificate Management for Today’s Demands

Google brings its Certificate Authority Service to market to address the certificate management needs of modern cloud-native architectures. With CAS, organizations now have an API-enabled, cloud-ready platform capable of hyperscaling certificate management that is aligned with the development methodologies of cloud-native applications. The advantages of Google’s Certificate Authority Service are numerous.

Ensuring the Security of Global Remote Work

Organizational workforces continue to become global and less centralized, meaning it is no longer possible to run company applications behind the safety of corporate firewalls. Employees need to be able to tap into company apps and data from anywhere on the planet, at any time. This trend places heavy demands on the architecture of CAs to meet the requirements of a global remote workforce. For example, “an entire system may run over 100,000 nodes. Assuming that each node needs 10 different certifications, renewed twice a day, results in a whopping 730M certificates generated each year!” Traditional CAs are not equipped to handle architectures at such massive scales. Certificate Authority Service, however, is more than capable of meeting these thresholds while simultaneously implementing identity and access controls required for global scale.

Cloud-Native, Cloud-Ready

Organizations are increasingly developing new applications and technologies native to the cloud. Utilizing on-prem certificate authorities that are most often tied to hardware security modules is illogical. CAS, however, is cloud-native, meaning its certificate management operations are harmoniously integrated and automated, engendering more robust security.

With CAS, cloud-first applications can avoid the need for manual certificate requests that might otherwise render the purpose of automation useless. With   worried over labored certificate issuing policies slowing down development, the capabilities of cloud-native CAs, like Google CAS, are essential to maintain business growth.

Reinforcing Resilience and Reliability

The interconnectivity of large production systems is increasingly complex, requiring drastically greater resilience and reliability. The bigger and more integrated a system is, the more substantial a system failure will be. As explained in the white paper, this is why organizations are reliant upon cloud platforms “to deliver reliability — to work as designed and deliver incredible stability, — and resilience — the ability for the system to continue to withstand certain types of failures and still remain functional.”

Resilience and reliability only occur with cloud-first infrastructures that support an application’s ability to capitalize on the elastic scale offered by cloud platforms. Digital certificates are central to the operation of most of these integrated systems. As such, they are often the culprit of system outages. While CAS cannot fix the source of these problems, its certificate automation does eliminate previously manual steps that have often led to error.

Supporting Multi-Cloud Infrastructures

Multi-cloud infrastructures are increasingly commonplace among organizations, requiring the highest-level tools and services available from cloud providers. However, modern APIs designed to simplify integration across services are not supported by traditional CAs. Google’s CAS, on the other hand, supports these APIs, enabling consistent certificate issuance.

Robust Logging and Auditability

Cloud-native infrastructure demands cohesive logging and visibility across services. Adequate visibility, after all, is one of the three pillars of data security in the cloud. With Google Cloud, customers have powerful tools to monitor their cloud environment. The CAS system integrates powerful logging capabilities that can be processed via native log analytics tools within Google Cloud. This logging happens instantaneously as CAS instances are created, ensuring “there’s never a risk that logging of a CA didn’t get configured correctly.”

Meeting Technological Demand with the Latest in Certificate Management

With a cloud-ready platform that is CAS-enabled, your organization will be well-equipped to integrate technology’s newest innovations into your systems seamlessly.

You can learn more about Google CAS and its key use cases by reading my joint white paper, “Scaling certificate management with Google Certificate Authority Service.”
