Why you should use Forseti Security
Forseti Security is an open-source tool that helps you manage security rules for all of your projects in GCP. What does it mean? I will explain this to you in this article.
The security was always most important in IT. Today almost all companies are using cloud services. Cloud providers say — “Our cloud is secured,” but if you check agreements, you will see that there are a lot of responsibilities on your side. It is easy and not easy to be secure in GCP. You can apply best practices according to this article: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations, but how to be sure that we are accurate?
The answer is Forseti Security. Why? Because you can get insights — what assets do you have in your organization, how do you use it, who has access, and how accessing your resources. Forseti Security covers:
- Inventory — takes snapshots of configuration GCP environment.
- Scanner — regularly compare role-based access policies for your GCP resources.
- Enforcer — uses policies you create to compare the current state of your Compute Engine firewall to the desired state.
- Explain — add-on module provides visibility into your Cloud Identity and Access Management (Cloud IAM) policies.
- Email Notifier — send email notifications for Inventory and Scanner using the SendGrid API.
You should integrate Forseti Security with other services, especially with Google Security Command Center (https://cloud.google.com/security-command-center), and in my opinion, with Forseti Visualiser (https://github.com/forseti-security/forseti-visualizer).
OK. Let’s think — we will install Forseti Security, which stores everything about my assets in GCP — it is dangerous because all sensitive data is stored in one place. The security of Forseti Security is the reason why I am writing this article. I will guide you through the secured installation and configuration process of Forseti Security.