GCP – How Philips Hue uses Google Cloud Certificate Authority Service to enable Matter integration
Signify (formerly known as Philips Lighting) is a global leader in lighting and smart home solutions, with over 35,000 employees and operations in over 180 countries. With the mission to unlock extraordinary potential of light for brighter lives and a better world, Philips Hue (one of Signify’s brands) delivers millions of smart and connected light bulbs to its customers every year. To further realize this vision, Philips Hue used Google Cloud Certificate Authority Service to help enable secure communication and connection for these IoT devices.
Certificate Authorities, a cornerstone for IoT security
Each Philips Hue bridge from Signify is equipped with digital certificates compliant with the Matter open source standard. These certificates ensure secure communication with the internet, backend services, and devices from partners.
To achieve secure communication, a user-friendly and seamlessly integrated Certificate Authority is necessary for enabling device attestation and global distribution of certificates. Furthermore, certificate distribution must occur rapidly and flawlessly to support globally-accepted partnership integration for devices operating within the Philips Hue customer network perimeter. For these requirements, Philips Hue opted to use Google Certificate Authority Service (CAS) over alternative public cloud services, self-hosted HSM hardware, or online HSM services. This decision was based on CAS’s key benefits, detailed below, and its alignment with the Matter Specifications and Policies.
To satisfy policy requirements, Philips Hue built a Matter Public key infrastructure (PKI) as a standalone Google Cloud project to enable mandatory governance and ceremony setup. This Matter Device Attestation Certificate (DAC) distribution service is configured with cross-account access using a least privilege strategy.
The flexibility of Google Cloud CAS has enabled Philips Hue to create diverse CA pools tailored to the scale and type of devices deployed globally. Google Cloud CAS’ extensive configuration options have allowed Philips Hue to seamlessly provide Matter DAC certificates to devices globally through a phased firmware rollout. This approach ensures that all newly activated devices receive Matter DAC certificates upon installation of Matter-enabled firmware.
Key impact and benefit of adopting Google Cloud Certificate Authority Service
Philips Hue saw multiple benefits from adopting Google Cloud CAS over alternative solutions:
1. Increased agility and scalability: As sales increased, Philips Hue was able to quickly and easily scale resources up as needed, without having to worry about managing their own infrastructure. This helps to meet one of the most critical business objectives which is to enable scaling while meeting the agreed SLOs with business owners.
2. Optimized and reduced costs: Google Cloud’s pay-as-you-go pricing model helped Philips Hue to optimize cost. Compared to hosting a homegrown Certificate Authority, Google Cloud Certificate Authority Service allowed Philips Hue to not have to manage hardware, licensing, networking assets etc. Google Cloud’s simple and programmatic interface also enabled increased automation, further optimizing cost and operational efficiency.
3. Improved security and reliability: Google Cloud offers a wide range of security and reliability features through its cloud platform that help Philips Hue protect its data and applications. For example, Google Cloud’s IAM functionalities allowed Signify to create clear separation between the responsibilities of multidisciplinary teams and enforce policies to achieve compliance with mandatory policies.
4. Enhanced innovation: Google Cloud’s innovative, cloud-based approach to Certificate Authority helps Philips Hue accelerate their innovation and bring new products and services to market faster.
The number of IoT and smart devices are quickly growing around the world. Through continued collaboration with customers like Philips Hue, Google Cloud accelerates innovation in this area and makes cloud-based Certificate Authorities the preferred approach for IoT vendors. You can learn more about the Google Cloud CAS here.
Read More for the details.