Forseti Security

San Jose, CA, USA
2017
By Adrien Walkowiak
In the previous posts of this series, we discussed how you can secure your infrastructure at scale by applying security policies as code to continuously monitor your environment with the Config Validator policy library and Forseti. In this article, we’ll discuss how you can reuse the exact same policies and Terraform Validator to preventively check your infrastructure deployments, and block bad resources from being deployed in Google Cloud Platform (GCP).
By Adrien Walkowiak
No two Google Cloud environments are the same, and how you protect them isn’t either. In previous posts, we showed you how to use the Config Validator scanner in Forseti to look for violations in your GCP infrastructure by writing policy constraints and scanning for labels. These constraints are a good way for you to translate your security policies into code and can be configured to meet your granular requirements.
By Adrien Walkowiak
Welcome back to our series on best practices for managing and securing your Google Cloud infrastructure at scale. In a previous post, we talked about how to use the open-source tools Forseti and Config Validator to scan for non-compliant tools in your environment. Today, we’ll go one step further and show you another best practice for security operations: the systematic use of labels.
By Adrien Walkowiak
One of the greatest challenges customers face when onboarding in the cloud is how to control and protect their assets while letting their users deploy resources securely. In this series of four articles, we’ll show you how to start implementing your security policies at scale on Google Cloud Platform (GCP). The goal is to write your security policies as code once and for all, and to apply them both before and after you deploy resources in your GCP environment.
By Garrett Wong
Google Cloud Platform (GCP) includes a powerful resource hierarchy that establishes who owns a specific resource, and through which you can apply access controls and organizational policies. But understanding the GCP resource hierarchy can be hard. For example, what does a GCP Organization “look” like? What networks exist within it? Do specific resources violate established security policies? To which service accounts and groups do you have access?
By Google Cloud Machine Learning team
Among security professionals, one way to identify a breach or spurious entity is to detect anomalies and abnormalities in customers’ usage trends. At Google, we use Forseti, a community-driven collection of open-source tools to improve the security of Google Cloud Platform (GCP) environments. Recently, we launched the “Forseti Intelligent Agents” initiative to identify anomalies, enable systems to take advantage of common user usage patterns, and identify other outlier data points.
By Kenneth D. Evensen
Editor’s note: This is the second post in a series about Forseti Security, an open-source security toolkit for Google Cloud Platform (GCP) environments. In our last post, ClearDATA told us about a serverless alternative to the usual way of deploying Forseti in a dedicated VM. In this post, we learn about Forseti’s new External Project Access Scanner. With data breaches or leaks a common headline, cloud data security is a constant concern for organizations today.
By Ross Vandegrift
ClearDATA provides cloud services and DevOps expertise to help healthcare and life science companies realize the benefits of the cloud. Our mission is to make healthcare better by helping conservative, heavily regulated healthcare entities innovate safely in the cloud.
By Brett Curtis
A while back I wrote up a post on the quick install of Forseti Security. I had a chance to mess around with the 2.0 version and wanted to note a few things down here and talk about how I’m trying out the idea of Security Policy as Code.
By Brett Curtis
Forseti Security is an open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future. The install is pretty simple since it’s contained within a Deployment Manager template. Deployment Manager automates infrastructure deployments of Google Cloud Platform resources. I’m going to highlight some of the notes from the official Forseti documentation in this post for completeness.
By Forseti Security
Learn how to work with Forseti, Google's open source security toolset, to monitor your policies and help keep you secure and compliant.

Open-source security tools for GCP:

  • Keep track of your environment: Take inventory snapshots of your Google Cloud Platform (GCP) resources on a recurring cadence so that you always have a history of what was in your cloud.
  • Monitor your policies: Scan your GCP resources to ensure that access controls are set as you intended and protected against unsafe changes.
  • Enforce rules: Ensure the safest settings are in place for your most sensitive GCP resources.
  • Understand your policies: Gain visibility into your Cloud Identity and Access Management (Cloud IAM) policies and answer key questions about who has what access to which resources.