Google & Spotify Make Open Source Security Music

Forseti is a set of open source security tools, developed by Google and Spotify, for Google Cloud Platform users.

Mitch Wagner, Executive Editor, Light Reading

September 15, 2017

3 Min Read
Google & Spotify Make Open Source Security Music

Google and Spotify are releasing Forseti, a set of open source security tools for Google Cloud Platform users.

"Forseti gives us visibility into the GCP infrastructure that we didn't have before, and we use it to help make sure we have the right controls in place and stay ahead of the game," according to Spotify engineers, in a post on the Google Cloud Platform blog scheduled to go live Friday, which Google sent to Enterprise Cloud News in advance.

The blog post continues, "It helps keep us informed about what's going on in our environment so that we can quickly find out about any risky misconfigurations so they can be fixed right away. These tools allow us to create a workflow that puts the security team in a proactive stance rather than a reactive one. We can inform everyone involved on time rather than waiting for an incident to happen."

Figure 1: Google booth at Mobile World Congress in Barcelona this year. Google booth at Mobile World Congress in Barcelona this year.

The tools help Spotify's security team "to be a business enabler, rather than a blocker to getting things done," the Spotify engineers say.

Forseti, developed by engineers from both companies in collaboration, provides four sets of tools: Inventory, for visibility into existing Google Cloud Platform (GCP) resources; Scanner to validate access control policies across GCP resources; Enforcer to remove unwanted access to GCP resources; and Explain, to analyze "who has what access to GCP resources," according to the blog post.

The post concludes with a call to join the Forseti community.

Google's Forseti announcement comes a day after Microsoft announced plans for Microsoft Azure confidential computing technology for protecting data when it is in use and in the clear. (See Microsoft Azure 'Confidential Computing' Secures Data In Use.)

Last month, Google disclosed details of a chip called Titan, previously announced in March, to secure data center servers.

Security is becoming a bigger issue for enterprises after a series of break-ins and attacks, culminating with the recent Equifax hack that compromised records for up to 143 million people. (See Equifax Breach Won't Be the Last or Worst.)

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like