Business Insider recently published an article which outlined a customer’s negative experience with Google Cloud Platform (GCP). In short, the customer left some security vulnerabilities open in their server which was hosted by GCP, allowing the instance to be compromised and used as an agent in a DDoS attack which Google identified. Google notified the customer but the customer was unable to contact Google for further discussion, and three days later GCP shut down the customer’s account for malicious use, resulting in significant impacts to the customer’s business. As you could imagine, this is far from an irregular occurrence. These types of attacks occur to all kinds of computational systems, cloud and otherwise, and they raise visibility to the important role that Partners can serve for cloud customers. While Google sends alerts to affected businesses and their systems integrators, sometimes these Partners have more bandwidth and expertise to diffuse any issues and ensure the customer’s business processes can continue to run smoothly.
As a GCP Premier Partner and systems integrator, we’ve seen it happen. Recently, we had a customer get alerted by Google automatically assessing whether they were running software which was subject to a major recent Linux vulnerability. These notifications were sent out programmatically to the assigned project owners for each affected project. Most customers received the email alerts and took the advised action of patching the OS. However, not all alert recipients acknowledged the notification. This is where systems integrators can help GCP users stay safe and understand proper courses of action should any issues arise.
Integrators also receive the notifications their customers see, and are additionally always on the alert for new security vulnerabilities whether unique to a client’s OS, software, or the cloud itself. This can allow them to proactively reach out to customers to ensure they know of the vulnerability and how to address it.
For example, if an attacker compromises the projects of a Partner’s customer, Google will send notifications of misuse, warning that the project will be shut down in three days both to the project’s owners as well as their Partner. This allows the Partner to work with both the customer as well as Google to ensure the vulnerability is patched, the instances are not shut down or revoked, and proper communication flows throughout all involved parties.
In the limited cases where our own customers have experienced this, we’ve been able to provide a real human to speak to in short order and peace of mind for both the customer and Google. Our brokering of the relationship between customer and Google keeps both sides calm, which keep their actions calculated and reasonable.
In one case from recent memory, Google sent a notification to one of our customers for misuse though the customer insisted there was no such trouble. We were able to notify Google that the customer was performing high volume network activity intentionally and not due to an attack. SADA worked with both Google and the customer to ensure that this was the case and that all “suspect” behavior was in fact expected and warranted. In all cases, the involvement of a Partner prevented downtime, ensured security, and overall strengthened the relationship between the customer and Google. Should something go awry, Partners are readily available to ensure problems are solved and future interruptions limited.