Why you should use Forseti Security

Forseti Security is an open-source tool that helps you manage security rules for all of your projects in GCP. What does it mean? I will explain this to you in this article.

The security was always most important in IT. Today almost all companies are using cloud services. Cloud providers say — “Our cloud is secured,” but if you check agreements, you will see that there are a lot of responsibilities on your side. It is easy and not easy to be secure in GCP. You can apply best practices according to this article: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations, but how to be sure that we are accurate?

The answer is Forseti Security. Why? Because you can get insights — what assets do you have in your organization, how do you use it, who has access, and how accessing your resources. Forseti Security covers:

• Inventory — takes snapshots of configuration GCP environment.
• Scanner — regularly compare role-based access policies for your GCP resources.
• Enforcer — uses policies you create to compare the current state of your Compute Engine firewall to the desired state.
• Explain — add-on module provides visibility into your Cloud Identity and Access Management (Cloud IAM) policies.
• Email Notifier — send email notifications for Inventory and Scanner using the SendGrid API.

You should integrate Forseti Security with other services, especially with Google Security Command Center (https://cloud.google.com/security-command-center), and in my opinion, with Forseti Visualiser (https://github.com/forseti-security/forseti-visualizer).

OK. Let’s think — we will install Forseti Security, which stores everything about my assets in GCP — it is dangerous because all sensitive data is stored in one place. The security of Forseti Security is the reason why I am writing this article. I will guide you through the secured installation and configuration process of Forseti Security.