Google launched its own root certificate authority as part of an effort to implement the secure web protocol HTTPS across its products and services, SecurityWeek reported.

The move reflects the technology giant’s belief that HTTPS represents the foundational technology for both the future of the web and its own products. Having its own root certificate authority will help Google introduce HTTPS more efficiently.

Introducing Google Trust Services

Known as Google Trust Services, the root certificate authority will operate on behalf of Google and parent company Alphabet. The authority will allow the company to independently handle its own certification requirements.

Websites and online services use digital certificates, which must be signed by a trusted certificate authority, to authenticate their identities to browsers. This independent root certificate authority means Google will no longer rely on intermediaries to authenticate sites and services.

The company will control the entire certificate issuance, management and revocation process. According to eWEEK, Google will also be in a stronger position to identify improperly issued certificates across its domains.

Shifting to Googe’s Root Certificate Authority

Embedding root certificates into products can be a time-consuming process. eWEEK reported that Google bought two existing root certificate authorities, known as GlobalSign R2 and R4, to help it issue independent certificates sooner rather than later.

The company also announced intentions to continue operating its existing GIAG2 subordinate certificate authority. This continuation will provide support as the firm moves to its new, independent certification infrastructure.

In a Google blog post, Ryan Hurst, who works in security and privacy engineering for Google, advised developers to take note of the new requirements. Developers will need to include Google’s root certificates in products designed to connect to the company’s online properties in the future.

Encryption and the Future of the Web

Google’s commitment to HTTPS is strong. In 2015, it announced that its search engine would favor sites that use HTTPS instead of the weaker HTTP, Wired reported.

The same article also noted that developers who support smaller websites may struggle to implement HTTPS due to lack of know-how and financial investment. Encouragingly, though, the number of sites encrypted by HTTPS recently passed 50 percent globally.

The future of the web appears strongly connected to the use of HTTPS. Google’s launch of its own root certificate authority represents another step along that journey. Users and business owners should hope the destination is a safer and more secure internet.

More from

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and organizations should still devote efforts to patching zero days once a patch is released, there are characteristics of certain…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

Hack-for-Hire Groups May Be the New Face of Cybercrime

Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns. “We have seen hack-for-hire groups target human rights and political activists, journalists and other high-risk users around the world, putting their privacy, safety and security at risk,” Google TAG says. “They also conduct corporate espionage, handily obscuring their clients’ role.”…