17 September 2019
One of the greatest challenges customers face when onboarding in the cloud is how to control and protect their assets while letting their users deploy resources securely.
17 September 2019
Forseti Community,
30 August 2019
We’re pleased to invite you to Google’s Forseti Community Day on Monday, November 18th (Right before Next London 2019, Next Ticket NOT required). Join us for a fun, interactive, and hands-on day shaping the next generation of Google Cloud Platform (GCP) security tools. Registration is now closed for this event.
08 July 2019
Among security professionals, one way to identify a breach or spurious entity is to detect anomalies and abnormalities in customer usage trend. Recently, we launched the “Forseti Intelligent Agents” experimental initiative to identify anomalies, enable systems to take advantage of common user usage patterns, and identify other outlier data points. In this way, we hope to help security specialists for whom it’s otherwise cumbersome and time-consuming to manually flag these data points.
06 June 2019
With the release of the external project access scanner, data exfiltration can be mitigated by identifying users who have access to projects outside of your organization or folder. In GCP, the best practice is to use service accounts to perform actions where a GCP user isn’t directly involved. The challenge here is that a service account only has permissions in the organization where Forseti is deployed. In other words, if Forseti is deployed in Organization A, it can’t see what projects a user has access to in Organization B.
This is where the concept of “delegated credentials” becomes incredibly useful. Delegated credentials allow a service account to temporarily act as a user. After compiling a list of users in the organization, the service account impersonates each user with these delegated credentials. The scanner then obtains the list of projects to which each user has access, regardless of the organization node.
29 May 2019
At long last we’re happy to share the presentation materials from the second annual Forseti Community Day in San Francisco, held on April 12th!
10 April 2019
Today we’re excited to announce Forseti Config Validator, the newest addition to the Forseti Security toolkit. Config Validator helps cloud admins put guardrails in place to protect against misconfigurations in Google Cloud Platform environments. This allows developers to move quickly, and gives security and governance teams the ability to enforce security at scale.
01 April 2019
We’re excited to share details about the schedule for Forseti Community Day. As a reminder, this event will take place on Friday, April 12th, at the Google Community Space from 9:00 am to 4:30 pm. If you’d like to attend, please sign up here!