Google, Spotify Build Open-Source Community for GCP Security

Google and Spotify today announced they've been developing security tools to help businesses protect projects on the Google Cloud Platform (GCP). The tools are now available in an open-source community called Forseti Security, which is open to all GCP users, the companies report.

The idea for Forseti sparked when Spotify moved its back-end data infrastructure from in-house data centers to the cloud. It wanted to build more specific tools to automate security processes for its engineering team. Google had already developed its own security tools for the platform, so the two decided to work together rather than separately develop their own products.

Forseti is an open-source kit that organizations can use to ensure they have the right security controls in place throughout GCP. Tools include: Inventory, for visibility into GCP resources; Scanner, for verifying access control policies; Enforcer, for removing unwanted access to GCP resources; and Explain, for analyzing who has access to different resources.

Spotify, for example, has used Forseti to create a notification pipeline that alerts its team to potentially dangerous misconfigurations in GCP. If a violation is found during a resource scan, it triggers a notification and the team responsible is automatically alerted.  

Read more details and learn how to participate here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.