Google catches up to AWS and steals a march on Azure with introduction of cloudy Certificate Authority Service

Underdog gives Redmond something to think about


Google is introducing a Certificate Authority Service for customers of its cloud platform. AWS already has an equivalent, but Microsoft's Azure cloud does not.

Certificate Authorities (CAs) are used for issuing private certificates. These are not trusted outside the private network, but within it they are used for securing connections and authenticating machines, users and services.

Google claims that modern application development, based on containers and microservices, along with IoT deployments, is stressing on-premises CAs. "These new use cases require short-lived certificates that are renewed frequently, which in turn require high availability and scalability from the CA," Google said. "Existing private CA solutions fall short. For example, a company may have to issue 10 million certificates in one year vs. 10 thousand when dealing with IoT devices."

Product manager Anoosh Saboori further stated that on-premises CAs "do not support modern APIs" and are "incompatible with cloud providers' built-in CAs". Saboori also noted that startups which are born in the cloud may be only just discovering the value of a private CA.

Google Cloud Platform (GCP) is therefore previewing a new CA Service, currently in private beta. The private keys will be stored in GCP's Cloud Key Management service. Pricing information is not yet announced. The new service has a REST API which the company promises will allow customers "to acquire and manage certificates without being a PKI expert".

AWS already has AWS Certificate Manager Private Certificate Authority, an extension of a core AWS Certificate Manager service used to secure AWS services. An AWS private CA costs $400.00 per month and between $0.75 and $0.001 per certificate issued, depending on the volume. AWS has just announced an enhancement to its service: support for PrivateLink endpoints, which let you keep network traffic entirely within the AWS network.

Google, for its part, recently came up with Private Service Connect, currently in alpha, which similarly keeps traffic on Google's own network. Presuming the new CA Service works with Private Service Connect, it might be able to match this feature.

The odd cloud out here is Microsoft Azure. There is a CA service built into Windows Server that can be deployed in an Azure VM, but there is no managed service, though this has been requested by customers. In its guide to finding equivalent Azure services to those on AWS, Microsoft refers customers to the App Service Certificate feature, which is nowhere near the same thing and refers to automated purchase of certificates from GoDaddy.

GCP remains well behind Azure in market share - cloud infrastructure stats for Q2 were out late last week - but in this little area it is Microsoft that now has some catching up to do. ®


Biting the hand that feeds IT © 1998–2022