Google recently announced two new initiatives designed to strengthen its already imposing presence in the cloud security space. First, Google teamed up with Spotify to develop an open source security toolkit called Forseti Security. Forseti’s framework focuses on Google Cloud Project (GCP) security. The second announcement unveiled Google Cloud Endpoints, which helps developers monitor, share, and protect their APIs.
The Endpoints system should give developers more control over who can access their API and where their API keys are distributed. Forseti Security grew out of an unlikely pairing. According to representatives at Spotify, the music-streaming giant began building on existing GCP security tools to safeguard their own servers. Once they moved their back-end infrastructure to the cloud, they wanted to push these GCP tools even further. Spotify’s team eventually got word that Google was already working on streamlining and improving their GCP tools. So, naturally, they decided to collaborate on the same end goal.
Forseti has three main features that developers can dive into right away. First, it catalogs provides snapshots of existing GCP resources. The Inventory module tells developers about what’s in their cloud on a recurring cadence. Second, Forseti’s Scanner module assesses a developer’s GCP resources and protects the program against unwanted or unsafe changes to the cloud’s access controls. It is both a monitoring and early-warning system. Third, the Enforcer module ensures that policy files and resources in a GCP remain as the developer intended. If the Enforcer detects a difference between the desired state and current state of GCP resources, it will use Google Cloud APIs to fix the discrepancy.
Forseti also features an optional fourth module called IAM Explain, which helps developers better understand and use Cloud Identity and Access Management (Cloud IAM) policies. IAM Explain is available as an add-on to the existing Forseti features.
The Forseti code is available on GitHub, and Spotify and Google have both made a point to emphasize how the open source community can continue to build upon and improve cloud security frameworks like Forseti.
Google’s other new project—Google Cloud Endpoints—also beefs up their cloud security resume. Developers can better manage their APIs using an NGINX-based proxy and distributed security architecture. The Endpoints system mostly deals with API keys and how developers decide to distribute them. Sometimes limiting access to API keys is essential for application development and testing. The Endpoints user authentication system gives developers control over JSON Web Tokens (JWTs). These keys are used with passwords, authentication, and are monitored with automatic validation technology. Google has said that many of its cloud developers nowadays tend to use Endpoints because it features these JSON tokens.
Google has recently been moving aggressively to bolster their presence in the cloud security space. These two new frameworks—Forseti and Cloud Endpoints—are now part of the rapidly growing repertoire of cloud security tools available to developers.