Google & Spotify Make Open Source Security Music
Google and Spotify are releasing Forseti, a set of open source security tools for Google Cloud Platform users.
"Forseti gives us visibility into the GCP infrastructure that we didn't have before, and we use it to help make sure we have the right controls in place and stay ahead of the game," according to Spotify engineers, in a post on the Google Cloud Platform blog scheduled to go live Friday, which Google sent to Enterprise Cloud News in advance.
The blog post continues, "It helps keep us informed about what's going on in our environment so that we can quickly find out about any risky misconfigurations so they can be fixed right away. These tools allow us to create a workflow that puts the security team in a proactive stance rather than a reactive one. We can inform everyone involved on time rather than waiting for an incident to happen."
The tools help Spotify's security team "to be a business enabler, rather than a blocker to getting things done," the Spotify engineers say.
Forseti, developed by engineers from both companies in collaboration, provides four sets of tools: Inventory, for visibility into existing Google Cloud Platform (GCP) resources; Scanner to validate access control policies across GCP resources; Enforcer to remove unwanted access to GCP resources; and Explain, to analyze "who has what access to GCP resources," according to the blog post.
The post concludes with a call to join the Forseti community.
Google's Forseti announcement comes a day after Microsoft announced plans for Microsoft Azure confidential computing technology for protecting data when it is in use and in the clear. (See Microsoft Azure 'Confidential Computing' Secures Data In Use.)
Last month, Google disclosed details of a chip called Titan, previously announced in March, to secure data center servers.
Security is becoming a bigger issue for enterprises after a series of break-ins and attacks, culminating with the recent Equifax hack that compromised records for up to 143 million people. (See Equifax Breach Won't Be the Last or Worst.)
- Google & Microsoft Tout Multi-Cloud, but Where's Amazon?
- Google Revs Container Engine for Security & Enterprise Apps
- Google Takes Fight to Amazon, Microsoft & Cisco
— Mitch Wagner Editor, Enterprise Cloud News
CALLING ALL CLOUD, NFV AND SDN COMPANIES: Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.