Google Cloud accidentally deletes a financial institution account due to ‘unprecedented misconfiguration’
theguardian.com
A week of downtime and all the servers were recovered only because the customer had a proper disaster recovery protocol and held backups somewhere else, otherwise Google deleted the backups too
Google cloud ceo says "it won't happen anymore", it's insane that there's the possibility of "instant delete everything"
You are viewing a single comment
Money. It's a lot cheaper to let somebody else maintain your systems than to pay somebody to create and maintain your own, directly.
Flexibility is a huge one too. Much easier to upscale / downscale.
If you are a small company then yes. But i would argue that for larger companies this doesn't hold true. If you have 200 employees you'll need an IT department either way. You need IT expertise either way. So having some people who know how to plan, implement and maintain physical hardware makes sense too.
There is a breaking point between economics of scale and the added efforts to coordinate between your company and the service provider plus paying that service providers overhead and profits.
If coordinating with service providers is hard for a firm, I would argue the cost effective answer isn't "let's do all this in house". Many big finance firms fall in this trap of thinking it's cheaper to build v buy, and that's how you get everyone building their own worse versions of everything. Whether your firm is good at the markets or kitchens or travel bookings, thinking you can efficiently in-source tech is a huge fallacy.
it is not about it being hard. It simply creates effort to coordinate. And this effort needs to be considered. If you do things externally that means there is two PMs to pay, you need QMs on both sides, you need two legal/contract teams, you need to pay someone in procurement and someone in sales...
I agree with you that doing software inhouse when there is good options on the market is usually not a good idea. But for infrastructure i don't see there to be as much of an efficiency loss. Especially as you very much need experts on how to set things up in a cloud environment and you better look carefully at how many resources you need to not overpay huge amounts.
Except for the larger companies you still need a bunch of trained experts in house to manage everything.
Yes, and they're the company's resources so they theoretically do what's best for the company as opposed to hoping Google or (godforbid Microsoft) does it.
The money gets paid either way, and if you have good people it's often the right call to keep it in house but inevitably somebody read a business book last year and wants to layoff all the IT people and let Google handle it "for savings". Later directors are amazed at how much money they're spending just to host and use the data they used to have in-house because they don't own anything anymore.
There are still benefits - cloud DevOps tools are usually pretty slick, and unless your company has built a bunch of those already or is good about doing it, it might still be worth it in terms of being able to change quickly. But it's still a version of the age old IT maxim to never own or build it yourself when you can pay someone a huge subscription and then sue them if you have to. I don't like it, but it's pretty much iron in the executive suite.
As a result, IT departments or companies spend much more than half of their time - totalling years or decades - moving from whatever they were using to whatever is supposed to be better. Almost all of that effort is barely break-even if not wasted. That's just the nature of the beast.
It's absolutely not. If you are at any kind of scale whatsoever, your yearly spend will be a minimum of 2x at a cloud provider rather then creating and operating the same system locally including all the employees, contracts, etc.
It very frequently is not.
No I meant that Google Cloud is very invasive. Why not to use a more ethical provider?
Why do you think it's invasive? How do you quantify which providers are less invasive?
Google is one of the most privacy invasive companies in the world. And judging by encryption standards, terms of service and privacy policies
Are you sure you've not just read bad stuff without verification on the internet and feel the need to chime in on something you don't fully understand?
Yes. I read Google's policies many times.
Me too as a programmer that uses Google cloud to store government information. Which bit of the policy says they are going to access your data, shouldn't take you long to link it to me if you read them as much as you say. Unless what you're actually doing is spreading misinformation and bullshit.
I'm not the one who you were responding to, but considering google's history, I don't believe anything they claim, because they have lied so many times in the past, and because every "privacy guarantee" they provide is practically unprovable. It's nothing more than wishful thinking to think that google does nothing with government data stored with them, with google classroom data of millions of children, and others. They have shown that they can't be trusted.
If they lied about this and are accessing very confidential information I think my company would sue the giblets off Google.
You need to remember we are talking about Google Cloud, the enterprise services they offer and not Gmail and search engines.
I only have one question: how will your company find out?
Same way companies know they've been hacked. I'm making the assumption you're non technical, given the question. But there are many ways such as access logs, server monitoring etc
Which are all in the control of the company running the servers. If we trust the company, we can trust them giving honest information on these, but if we don't trust the company.. they could just redact logs or even straight out fake them
I think you live in a fantasy world fella. Also server monitoring isn't done by Google, it's don't by another 3rd party company.
b2b and audited security standards are a whole different thing - you deal with finance and health you’ve gotta prove to a 3rd party over and over that you have controls and technology in place to make sure you aren’t lying
this isn’t consumer BS
This. Even if by some miracle Google isn't accessing everything on corporate cloud, it is an evil company and the policy can change. It's a very untrustworthy and unreliable base for a business. And I'm not even talking about the fact that businesses that pay for the cloud are financially supporting Google
and you know the security standards that are achievable on google cloud entirely negate your point right? their cloud offering is a totally different beast