A Review of Forseti Security for GCP

This is a write-up of the findings from the Forseti Security POC, which was conducted with Forseti Security v1.1.8.

The results of this phase are clear: Forseti Security is too immature to add any value to my organization at this time.  This conclusion has been reached after reviewing all the existing documentation for Forseti and after using it for 2 weeks in GCP.

While some of the planned functionality will be of some value to my organization once implemented, the 2 primary needs (Configuration Diffs and IAM Policy Enumeration) are not currently supported in Forseti Security.

1 Purpose

1.1 Introduction

This document details the findings from the Forseti Security POC.

This technical proof of concept was conducted to evaluate whether Forseti Security, at its current level of implementation, could be suitable for use in my organization’s GCP environment.  The primary objective of this POC is to evaluate whether Forseti can determine changes in the GCP environment and whether it can enumerate IAM Policies and Roles.
