Skip to main content
banner image
venafi logo

Amazon’s Pay-As-You-Go Private CA: What Does It Mean for You?

Amazon’s Pay-As-You-Go Private CA: What Does It Mean for You?

aws private certificate authority
April 5, 2018 | Eva Hanscom

On April 4th, Amazon Web Services announced a sweeping set of new security tools. The new products included AWS Secrets Managerand Firewall Manager, which aim to grant users more control over database credentials and security policies. One of AWS’s most interesting new features was for the AWS Certificate Manager (ACM) called Private Certificate Authority (CA).

“This lets customers securely manage the lifecycle of private certificates with pay-as-you-go pricing,” writes Stephanie Condon, security reporter for ZDNet. “Previously, private certificates required expensive, specialized infrastructure and security expertise. The new feature lets developers provision private certificates with a few API calls, and it gives administrators a central CA management console and fine-grained access control through IAM policies.”

So, what does Amazon’s Private CA service mean for enterprises? According to our experts at Venafi, this feature will simplify PKI for users that exclusively operate AWS. However, organizations that use AWS alongside of an on-premise PKI may not see the same advantages. The new service also complicates multi-cloud deployments because it adds another touch-point to manage.

“Amazon’s continued focus on simplifying the security of cloud infrastructure is very good news,” says Broderick Perelli-Harris, senior director of professional services for Venafi. “The industry needs stronger and easier security to guarantee the integrity of sensitive data. Overall, these new features will help smaller-to-medium sized enterprises that cannot maintain their own PKI infrastructure and only operate within the AWS Cloud environment. However, larger enterprises, who may already be operating their own internal PKIs will find less value here.”

Heather Robertson, senior product marketing manager for Venafi, offers her thoughts: “Amazon’s ‘easy’ service is good for their customers because PKI is traditionally difficult to stand up and manage. But the reality is that many enterprises exist in hybrid environments that are shifting workloads into the cloud, but still maintain traditional datacenters. If every device, and machine requires its own private keys and certificates – well, that’s a lot of spaghetti to untangle.”

“This service is exclusive to AWS customers, but won’t significantly help high-end enterprises with their management problem,” Robertson concludes. “Those organizations will need to find additional help elsewhere. A Certificate Authority-agnostic management platform will give them global intelligence across physical, virtual, cloud and mobile environments.”

What do you think about AWS’sPrivate Certificate Authority?

Related blogs

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

man sitting on chair and thinking

Venafi Study: Are Financial Service Organizations More Likely to Suffer Certificate-Related Outages?

accessec, APIIDA, Crypto4A, Difenda

Six Groundbreaking Machine Identity Protection Developers Gain Funding

code signing certificates, Code Signing, Stuxnet, ShadowHammer

Study: How Well Are You Protecting Code Signing Certificates?

About the author

Eva Hanscom
Eva Hanscom

Eva Hanscom writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat