Shorticle 845 – Vault managed platform security using Google Cloud Certificate Manager

Google recently announced the General Availability of Google Cloud Certificate Manager, which is similar to Azure Key Vault and Amazon Key Management Service (KMS). Although Google Cloud has Secrets Manager and Key Manager to handle security features, Certificate Manager works as a vault to access, manage and deploy Transport Layer Security (TLS) certificates for Google Cloud workloads. Google Cloud Certificate Manager can handle the following types of TLS certificates:

· Self-managed certificates, where the onus is on us to create, obtain, manage, renew and delete certificates. We need to handle certificate expiry by either renewing the certificate or obtaining a new certificate and configuring it as required for the applications.

· Google-managed certificates are Domain Validation (DV) certificates where Google takes care of obtaining, renewing and managing the certificates. We don’t need to worry about certificate expiry, and we can configure auto-renew so that Google manages it automatically.

· Wildcard certificates are used for all the subdomains in a larger domain network. We can use the same certificate for all subdomains to secure and encrypt access to web servers and applications. It reduces the work of setting up encrypted network access and increases security in subdomain access.
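Added example (not from the original article or from Google): under the matching rules TLS clients commonly apply (RFC 6125), a wildcard stands for exactly one DNS label, so `*.example.com` does not cover the apex domain or deeper subdomains. The function names and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: which hostnames a certificate's DNS names actually cover.
# Matching follows RFC 6125 section 6.4.3 as commonly enforced by TLS clients.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split it into labels."""
    return name.strip().rstrip(".").lower().split(".")


def san_covers(san, hostname):
    """Return True if one certificate DNS name (SAN) covers hostname."""
    san_l, host_l = _labels(san), _labels(hostname)
    if "" in san_l or "" in host_l:
        return False                      # empty label: malformed name
    if san_l[0] != "*":
        return san_l == host_l            # plain name: exact match only
    # Simplification: require at least two labels after '*', which rejects
    # names such as '*.com'; real clients consult the public suffix list.
    if "*" in san_l[1:] or len(san_l) < 3:
        return False
    # The wildcard stands for exactly one label, so label counts must match.
    return len(host_l) == len(san_l) and host_l[1:] == san_l[1:]


def uncovered(hostnames, sans):
    """Hostnames that no DNS name on the certificate covers."""
    return [h for h in hostnames if not any(san_covers(s, h) for s in sans)]


# Constructed sample data (example.com / example.org are documentation domains).
SANS = ["*.example.com"]
HOSTS = ["www.example.com", "API.example.com.", "example.com",
         "a.b.example.com", "www.example.org"]

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:22} covered={not uncovered([host], SANS)}")
    print("need another SAN or certificate:", uncovered(HOSTS, SANS))
```

Running the check over the hostnames a load balancer serves before attaching a wildcard certificate shows which names still need their own SAN or certificate.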

Google Cloud Certificate Manager can be used with load balancers such as the External HTTP(S) load balancer (Classic), for HTTPS proxies and SSL proxies, and the Global external HTTPS load balancer, for HTTPS proxies, with DNS authorization and domain filtering for granting access to client requests.

During a client request, Certificate Manager acts as a wallet of certificates that provides and deploys X.509 certificates, like a public Certificate Authority (CA), to authenticate and encrypt internet traffic when responding to the client request. It can be used with Standard tier and Premium tier network services to encrypt and protect access to cloud resources.

Google Cloud Certificate Manager provides centralized management and operations of trusted certificates to enable a two-way SSL handshake between client and server in a cloud network architecture. It is scalable in nature, so it can adopt workloads without failing in Ingress/Egress network failure in a secured network architecture.

Further reading: https://cloud.google.com/blog/products/identity-security/introducing-general-availability-of-google-cloud-certificate-manager

#magtechbytes #wipro #shorticle #shorticlegcp

Suresh Perumal (SP)

DMTS (Telecom Techno Domain Architect (Telecom NMS, EMS, SDN, NFV, Orchestrator, Service Assurance, AI (Opensource LLM), ML)

2 years ago

Good Info to start with


More articles by Dr. Magesh Kasthuri
