
Amazon’s Pay-As-You-Go Private CA: What Does It Mean for You?

April 5, 2018 | Emil Hanscom

On April 4th, Amazon Web Services announced a sweeping set of new security tools. The new products included AWS Secrets Manager and Firewall Manager, which aim to grant users more control over database credentials and security policies. One of the most interesting additions was a new feature for AWS Certificate Manager (ACM) called Private Certificate Authority (CA).

“This lets customers securely manage the lifecycle of private certificates with pay-as-you-go pricing,” writes Stephanie Condon, security reporter for ZDNet. “Previously, private certificates required expensive, specialized infrastructure and security expertise. The new feature lets developers provision private certificates with a few API calls, and it gives administrators a central CA management console and fine-grained access control through IAM policies.”


So, what does Amazon’s Private CA service mean for enterprises? According to our experts at Venafi, this feature will simplify PKI for users that operate exclusively in AWS. However, organizations that use AWS alongside an on-premises PKI may not see the same advantages. The new service also complicates multi-cloud deployments because it adds another touch-point to manage.

“Amazon’s continued focus on simplifying the security of cloud infrastructure is very good news,” says Broderick Perelli-Harris, senior director of professional services for Venafi. “The industry needs stronger and easier security to guarantee the integrity of sensitive data. Overall, these new features will help smaller-to-medium sized enterprises that cannot maintain their own PKI infrastructure and only operate within the AWS Cloud environment. However, larger enterprises, who may already be operating their own internal PKIs, will find less value here.”

Heather Robertson, senior product marketing manager for Venafi, offers her thoughts: “Amazon’s ‘easy’ service is good for their customers because PKI is traditionally difficult to stand up and manage. But the reality is that many enterprises exist in hybrid environments that are shifting workloads into the cloud, but still maintain traditional datacenters. If every device and machine requires its own private keys and certificates – well, that’s a lot of spaghetti to untangle.”

“This service is exclusive to AWS customers, but won’t significantly help high-end enterprises with their management problem,” Robertson concludes. “Those organizations will need to find additional help elsewhere. A Certificate Authority-agnostic management platform will give them global intelligence across physical, virtual, cloud and mobile environments.”

What do you think about AWS’s Private Certificate Authority?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
