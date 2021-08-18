



Google Cloud Certificate Authority Service (CAS) is a scalable service for managing and deploying private certificates and managing public key infrastructure (PKI) through automation. And last month, Google announced the general availability (GA) of the service.

Last August, the company launched a cloud-based CAS in public preview, allowing customers to configure the digital certificates they need for their public key infrastructure. Since then, several customers have used this service for a variety of use cases, such as identity management and the creation of digital signature services. In addition, following existing partners Venafi and AppViewx, three new members, Keyfactor, Jetstack and Smallstep, have joined the CAS partnership program.

With the GA release, Google has also added some additional features, including:

CA Rotation – Google has added a new feature to GA called the CA Pool. This allows a group of CAs to serve the same incoming request queue. Therefore, CA rotation can be achieved by adding a new CA to the pool and removing the old CA from the pool without changing the workload or client code. Policy extensions that allow you to define group policies for each user. That is, the administrator can define a certificate template that applies to all issued certificates that override (some or all) the parameters of the issued certificate. Google CloudCAS Terraform provider for configuring and managing services. Integration with cert-manager.io in collaboration with JetStack. The Hashicorp Vault plugin that allows you to be the source of policies, and Google Cloud CAS, the issuer of certificates. A quick setup guide for CASQwiklab customers.

Constellation Research Inc. Holger Mueller, Chief Analyst and Vice President of CAS, explains the need for CAS:

The modern digital economy is connected and you need to verify them to secure the connection. Unfortunately, creating relevant certificates can be a hassle for businesses when operating on-premises. It must be scalable, secure, and available 24 hours a day, 7 days a week. Therefore, Google requires the cloud service provided by CAS to move to GA. Now, like all new cloud services, we need to see what the adoption will look like.

In addition, one of our partners, Keyfactor’s Senior Product Marketing Manager, Ryan Sanders, wrote in a blog post:

To succeed in the era of hybrid and multi-cloud infrastructure, IT and security teams need to seriously rethink how PKIs are deployed and how digital certificates are managed. The secret to success is a simple and repeatable process for certificate management across all platforms and devices.

With the GA release, this service is available in different regions and will be added in the future. In addition, SLAs offer 99.9% availability per region for certificate creation, and there is a “pay-as-you-go” model for pricing. And finally, it complies with several international standards such as ISO 27001, 27017, 27018, SOC1, SOC2, SOC3 and BSIC5.

