Service Provider Cloud

Google & Spotify Make Open Source Security Music

Google and Spotify are releasing Forseti, a set of open source security tools for Google Cloud Platform users.

"Forseti gives us visibility into the GCP infrastructure that we didn't have before, and we use it to help make sure we have the right controls in place and stay ahead of the game," according to Spotify engineers, in a post on the Google Cloud Platform blog scheduled to go live Friday, which Google sent to Enterprise Cloud News in advance.

The blog post continues, "It helps keep us informed about what's going on in our environment so that we can quickly find out about any risky misconfigurations so they can be fixed right away. These tools allow us to create a workflow that puts the security team in a proactive stance rather than a reactive one. We can inform everyone involved on time rather than waiting for an incident to happen."

Google booth at Mobile World Congress in Barcelona this year.
Google booth at Mobile World Congress in Barcelona this year.

The tools help Spotify's security team "to be a business enabler, rather than a blocker to getting things done," the Spotify engineers say.

Forseti, developed by engineers from both companies in collaboration, provides four sets of tools: Inventory, for visibility into existing Google Cloud Platform (GCP) resources; Scanner to validate access control policies across GCP resources; Enforcer to remove unwanted access to GCP resources; and Explain, to analyze "who has what access to GCP resources," according to the blog post.

The post concludes with a call to join the Forseti community.

Google's Forseti announcement comes a day after Microsoft announced plans for Microsoft Azure confidential computing technology for protecting data when it is in use and in the clear. (See Microsoft Azure 'Confidential Computing' Secures Data In Use.)

Last month, Google disclosed details of a chip called Titan, previously announced in March, to secure data center servers.

Security is becoming a bigger issue for enterprises after a series of break-ins and attacks, culminating with the recent Equifax hack that compromised records for up to 143 million people. (See Equifax Breach Won't Be the Last or Worst.)

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.

kq4ym 9/22/2017 | 12:22:06 PM
Re: GCP The tie-in between Google and Spotify along with the benefits of getting the expertise to run the cloud, allows some cross-publicity as well, as seen here and other places the brands build their names and products through the interactions between the two.
Joe Stanganelli 9/16/2017 | 10:51:09 PM
Re: GCP > Why is it they don't build their own private cloud?

Because, I suppose, they expressly don't want to be in the private cloud business.

Even Netflix uses AWS.
danielcawrey 9/16/2017 | 1:19:24 PM
GCP I didn't even know Spotify was working with Google Cloud Platform. Why is it they don't build their own private cloud? Maybe it's because Google is giving them the tools they need to keep the business running optimally. 
Sign In