Date: 2021-08-09



Google’s unattended project reminder feature is moving to public preview, aiming to improve cloud utilization and address security issues caused by older cloud computing projects that should no longer exist.

The unattended project reminder, part of Google Cloud’s Active Assist, helps mitigate security risks by finding older initiatives, such as prototyping projects, that don’t require network access, cloud resources, or supported APIs.

Google developed this feature until 2021 as part of a prototype aimed at cleaning up unattended internal projects.

According to Google Cloud, Google’s internal security team has had the problem of unattended projects on its radar for some time, so the two units began searching for unattended cloud projects within the “google.com” organization.

It was a good idea, but Google ran into a detection problem: it was difficult to distinguish between a project that was actually unattended and one that was intentionally low in activity using signals such as API, network, and user activity.

The risk here lies in correctly identifying unattended projects: accidentally removing essential components of production workloads causes inadvertent and persistent data loss. However, the benefits include reduced cloud billing for unwanted resources and fewer configuration issues, such as open firewalls and privileged service account keys, that attackers can exploit to acquire cloud resources for cryptocurrency mining or to steal data.

“These security risks tend to increase over time, as the latest best practices and patches aren’t usually applied to unmanned projects,” Google said.

To address these issues, we used real-world data to collaborate with our customers and found thousands of unmanned projects.

The main signals used by Unattended Project Reminder are API activity (such as service accounts where authentication and API calls are consumed), network activity, billing activity, user activity, and cloud service usage (active VMs, BigQuery jobs, storage requests, etc.).

“Based on these signals, recommendations can be generated for cleaning up underutilized projects (“low utilization” is defined using a machine learning model that ranks projects in your organization by level of usage), or for reusing projects where usage is high but there are no active project owners,” explain Google Cloud product managers Dima Melnyk and Bakh Inamov.

Insights and recommendations can be automatically sent to project owners via email or chat messages.

Administrators have the option to recover accidentally deleted projects. The recovery period is 30 days. However, Google is aware that some resources, such as Cloud Storage and Pub/Sub resources, may be removed before the end of the 30-day period and may not be fully recoverable.

French sporting goods retail giant Decathlon has used this feature to remove 775 projects. “And no one complained,” said Adeline Villaget, Head of Cloud Security at Decathlon.

French utility Veolia and US file storage company Box have also tried the technology to reduce the number of unattended projects they support.

