Google Cloud accidentally deletes a financial institution account due to ‘unprecedented misconfiguration’

Moonrise2473@feddit.it to Technology@lemmy.ml – 449 points –
Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’
theguardian.com

A week of downtime and all the servers were recovered only because the customer had a proper disaster recovery protocol and held backups somewhere else, otherwise Google deleted the backups too

Google cloud ceo says "it won't happen anymore", it's insane that there's the possibility of "instant delete everything"

68

You are viewing a single comment

I'm not the one who you were responding to, but considering google's history, I don't believe anything they claim, because they have lied so many times in the past, and because every "privacy guarantee" they provide is practically unprovable. It's nothing more than wishful thinking to think that google does nothing with government data stored with them, with google classroom data of millions of children, and others. They have shown that they can't be trusted.

If they lied about this and are accessing very confidential information I think my company would sue the giblets off Google.

You need to remember we are talking about Google Cloud, the enterprise services they offer and not Gmail and search engines.

I only have one question: how will your company find out?

Same way companies know they've been hacked. I'm making the assumption you're non technical, given the question. But there are many ways such as access logs, server monitoring etc

But there are many ways such as access logs, server monitoring etc

Which are all in the control of the company running the servers. If we trust the company, we can trust them giving honest information on these, but if we don't trust the company.. they could just redact logs or even straight out fake them

I think you live in a fantasy world fella. Also server monitoring isn't done by Google, it's don't by another 3rd party company.

b2b and audited security standards are a whole different thing - you deal with finance and health you’ve gotta prove to a 3rd party over and over that you have controls and technology in place to make sure you aren’t lying

this isn’t consumer BS

This. Even if by some miracle Google isn't accessing everything on corporate cloud, it is an evil company and the policy can change. It's a very untrustworthy and unreliable base for a business. And I'm not even talking about the fact that businesses that pay for the cloud are financially supporting Google