Are You Concerned About Using Amazon for Certificate Services?

Asked By CuriousTechie92 On

Our organization has been hesitant to let vendors issue certificates on our behalf through Amazon Certificate Services (ACS) for years. However, with the upcoming reduction to a 47-day renewal period, we've finally decided to allow it, restricting them to only issuing certificates for specific subdomains. Despite these precautions, I'm still uneasy about the reliability of Amazon as a single point of failure for potentially hundreds of thousands of certificates. It seems like all it would take is one disgruntled employee or a careless mistake, like reusing a password, to cause significant issues. I'm curious if anyone else shares these concerns.

5 Answers

Answered By SecuredByDiversity On

It's important to think about security processes differently for vendors. As someone who's seen both sides, I believe how vendors manage the certificates can be more crucial than just how they get issued. Our team automates this process to minimize human error, which is key in maintaining trust with our customers.

Answered By RealisticAdmin On

I get what you’re saying about the risks of relying on a single vendor. But honestly, the Internet itself brings its own security concerns. It’s vital to communicate these concerns to your management while also considering what they value in decision-making. You might feel that using a single vendor could be a risk, but higher-ups may not prioritize this as much.

Answered By GentleCritic99 On

You're not wrong that all major providers face risks from hackers or internal issues. Every large platform can be a target. But the key issue with the upcoming certificate changes seems to be more about operational costs and how to manage those new requirements rather than just security.

Answered By CertificateSkeptic123 On

I think you're mixing up the acronyms; it sounds like you're talking about ACM (AWS Certificate Manager), right? There isn’t actually a service called ACS in AWS. Just make sure you're in the right context when discussing this.

Answered By TechWizKid On

It's true that every certificate authority (CA) carries its own risks. But in your scenario, if something goes wrong, you can always revoke and reissue certificates. Automation for cert renewals and planning for revocation events is crucial. You're already doing part of this with CNAME records allowing vendors specific domain control for validation.
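An added example, not part of any answer in the thread: one way to audit the validation CNAMEs mentioned above so that vendor-delegated issuance stays within the approved subdomains. It assumes the records follow the AWS Certificate Manager DNS-validation shape (a `_token` label in front of the domain, with a target under `acm-validations.aws`); the zone data, allowlist and function names are constructed for illustration.

```python
# Audit DNS-validation CNAMEs against an allowlist of vendor-approved subdomains.
# ZONE and ALLOWED are constructed sample data, not taken from the thread.
ZONE = [
    ("_tok1.shop.example.com.",     "CNAME", "_val1.sample.acm-validations.aws."),
    ("_tok2.api.shop.example.com.", "CNAME", "_val2.sample.acm-validations.aws."),
    ("_tok3.eshop.example.com.",    "CNAME", "_val3.sample.acm-validations.aws."),
    ("_tok4.example.com.",          "CNAME", "_val4.sample.acm-validations.aws."),
    ("www.example.com.",            "CNAME", "cdn.example.net."),
    ("_dmarc.example.com.",         "TXT",   "v=DMARC1; p=reject"),
]
ALLOWED = {"shop.example.com", "status.example.com"}
ACM_SUFFIX = ".acm-validations.aws"  # assumption: ACM-style validation targets


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def validated_domain(record_name):
    """Drop the leading _token label; the rest is the domain being authorized."""
    label, _, rest = norm(record_name).partition(".")
    return rest if label.startswith("_") and rest else None


def in_scope(domain, allowed):
    """Exact match or a true subdomain; the dot boundary keeps 'eshop' out of 'shop'."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def audit(zone, allowed):
    """Return (domain, verdict) for every validation CNAME found in the zone."""
    findings = []
    for name, rtype, target in zone:
        if rtype.upper() != "CNAME" or not norm(target).endswith(ACM_SUFFIX):
            continue  # not a certificate-validation record
        domain = validated_domain(name)
        if domain is None:
            continue
        verdict = "ok" if in_scope(domain, allowed) else "UNAPPROVED"
        findings.append((domain, verdict))
    return findings


if __name__ == "__main__":
    for domain, verdict in audit(ZONE, ALLOWED):
        print(f"{verdict:10} {domain}")
```

A validation record at the zone apex is the one to watch most closely, since it authorizes issuance for the parent domain rather than a single vendor subdomain.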
