Hacker News new | ask | show | jobs
by skrebbel 1981 days ago
I love the idea of GCP but I can't shake the fear that one colleague, using the company Gmail account, posts something somewhere on the internet that Google's morality-du-jour considers unacceptable, and the Google AI Killbot disables our entire account, GCP included, ruining the business, with nobody to call, nothing to do, except tweet and post on HN and hope someone at Google listens.

I don't mean this as a flamebait hyperbole, this is truly the single thing that keeps from moving our business to GCP because, like you say, that BigQuery thing tastes sweet.

How do you deal with this? Is there any sort of guarantee with GCP that I missed where they promise not to do this?
11 comments
williamstein 1981 days ago
I've been using GCP since 2014 to run cocalc.com, and at some points in the past people have used it to launch attacks or mine bitcoin (we make that much more difficult now). Google did temporarily block or suspend our resources, but the experience was nothing like "nobody to call, nothing to do". Instead, Google contacts you immediately, and you message back and forth with real people who have the power to instantly fix things. In any case, in my experience the reality of being a GCP customer is not the same as the fear, uncertainty and doubt that you have.
link
skrebbel 1981 days ago
That's great to hear, thanks!

It still appalls me how it's the norm these days for providers to first suspend service, and then ask questions (to the point that you describe it as a positive experience in an HN comment). But I think most big providers do that, ie it's not unique to GCP. And your experience is way better than my impression of Google (incl their paid services) so great to hear.

link
boulos 1981 days ago
Disclosure: I work on Google Cloud.

I am not a lawyer, nor your lawyer, however the terms you're looking for are the Acceptable Use Policies for both Google Workspace (née GSuite) [1] and GCP [2].

Both Workspace and GCP offer support (start at cloud.google.com/support). The included Workspace support ("Standard Support") includes phone support and a "Four hour SLO for P1 Support cases".

So if one of your employees did somehow get flagged for violating the Acceptable Use Policy, there is phone support included that would let your resolve this. You can pay more for higher levels of support with shorter response times, dedicated representatives, and so on.

Edit to add: if you're really concerned (and some folks are, I get that), I've seen some organizations make a separate domain for production. I don't love the ergonomics of switching accounts like that, but it's also not the worst thing I've seen people do.

[1] https://workspace.google.com/terms/use_policy.html

[2] https://cloud.google.com/terms/aup

link
bedatadriven 1981 days ago
Our service has depended on GCP/AppEngine for the last 8+ years. Our business depends on it and Google has proven to be reliable partner. We pay ~400/month for a support package and have always been able to get someone on the phone.

The only time we've ever really needed it was when one of our customer's (satellite) IPs was once flagged incorrectly as originating from Cuba and blocked because of sanctions. We reached an engineer via phone support and they were able to get the Google team responsible for their Geo IP database to correct the entry.

We've also had support engineers based locally call us to check in periodically, and I doubt we are in the top 10% of their customers by spend.

Definitely would recommend GCP without reservation.

link
antonvs 1981 days ago
I haven't encountered that situation but we use GCP and use their support: https://cloud.google.com/support

We can easily get a Google person on the phone when we need to, so I wouldn't be terribly concerned about this scenario since we have a relationship, a contact route, and (possibly) some kind of contractual accountability.

link
theptip 1981 days ago
Echoing this. GCP support is responsive and fairly effective. It’s a bit expensive, but that is a different matter.

This comes up on HN periodically, and I think folks have very mistaken assumptions about GCP based on Google’s reputation for poor or non-existent support on free consumer-facing services like gmail; GCP and Gsuite are very much serious enterprise services.

link
skrebbel 1981 days ago
I can't find the links back, but there's been stories on HN about paid GCP accounts being blocked because of actions taken in connected GSuite accounts (or GMail? ie the mail was free but the GCP was paid? Can't recall) that Google's automation deemed malicious.

Surely the consumer stories are much more prevalent, but to my memory it's not only been that.

link
theptip 1981 days ago
I’m sure someone has been taken down in this way on GCP, and if you’re on AWS you could get taken down like this too (see Parler). It’s really hard to quantify the risk here but my priors are that if you are a normal business that is not doing anything illegal then the risk is vanishingly small, and that GCP is not worse than AWS.

I think that building on a cloud platform (or other SaaS like an Oracle DB) and getting your license cost increased is a much bigger business risk.

Either way building your system to be easy to lift and shift to another provider (or on prem) has merit to hedge against these risks, but it also slows you down.

link
antonvs 1981 days ago
> Either way building your system to be easy to lift and shift to another provider (or on prem) has merit to hedge against these risks, but it also slows you down.

Not necessarily. Kubernetes is a great way to hedge against that. You can write fully cloud-native autoscaling apps that have minimal dependencies on the hosting environment.

link
theptip 1981 days ago
I agree, and chose k8s for this reason, but it’s definitely more work to run your own message queue vs. using SQS etc, so I don’t think it solves all of the friction here.
link
gundmc 1981 days ago
This story was debunked/refuted:

https://old.reddit.com/r/google/comments/8l231x/google_banne...

link
wmf 1981 days ago
A paid account != a Production or Premium support account, though.
link
deathanatos 1981 days ago
In every cloud provider I've used, filing a support ticket was done from within their web UI. And that meant logging in.

If Google bans your org for unknown/nebulous reasons, and you're not able to log in, can you get to those support channels?

link
antonvs 1981 days ago
We have email addresses and phone numbers we can call, so yes. Phone support is available on any of the paid support options.
link
AlchemistCamp 1981 days ago
Agreed, I've lost both a Gmail account and a YT account to Google's "acceptable bug rate" coupled with nearly fully automated support.

In both cases, the problem arose not from my behavior but from their merging, splitting and changing their product offerings. As dependent as I am on Google personally, I couldn't in good conscience tie a business to their whims if there were any reasonable alternative.

In terms of search and video as marketing channels, they've pretty much got a monopoly. In cloud services, there's more choice.

link
forty 1981 days ago
We don't use GCP a lot, but just a note: it's possible to login to GCP using your SSO rather than gmail addresses. I guess it would limit the risk you are worried about.
link
pmontra 1981 days ago
You shouldn't share one single company account across the team. Everybody should have their own account, of course on the company domain, and use that one.

Advantages

1. You know who does what.

2. If Google bans an account the others keep working.

3. Permissions per employee, because not everyone need to to everything.

4. If an account is compromised, you ban the account.

5. When an employee leaves, you ban the account instead of changing the password.

6. N people sharing a common password on an account nobody has particular responsibility for, ouch.

link
tomnipotent 1981 days ago
> You shouldn't share one single company account across the team

No one said anything about using a single account.

> Everybody should have their own account

This is moot if your company uses GSuite. The concern is that if a GSuite account is linked to a GCP account, and suspicious activity happens on Google Apps that it can result in interruption to GCP (and vice versa).

link
renewiltord 1981 days ago
I definitely use a separate google account for all of this. The support for it is pretty good and I don't see why one would ever use a personal account.
link
jacques_chester 1981 days ago
This risk exists for other providers. Corey Quinn calls it the "underpants problem".

https://twitter.com/quinnypig/status/1120780385460391939

link
mhh__ 1981 days ago
I would still be more worried about Google canning the service you're using.

The "shout at it on HN until it gets fixed" customer service is awful, but I don't think they're going to hurt their bottom line like that - and besides, if you have (for the sake of argument) someone spouting wrongthink on the company account you're really playing with fire in the first place.

link
Thaxll 1981 days ago
There are no proof / example whatsoever that GCP is related to other Google products. I've never heard or seen my GCP account was shutdown because Youtube / gmail / google account etc ...
link