Cloud monopoly: In early May, 620,000 members of the Australian pension fund UniSuper were left without access to their accounts for a week after a Google Cloud configuration error led to the deletion of the financial service provider’s private cloud account. UniSuper then had to restore its account by resorting to emergency backups via third-party/external services; overall, the situation was resolved for the better, but the fund was unavailable for about two weeks, more precisely from 2 to 15 May.
Need more power to Google?
It all started when someone mistakenly left a parameter blank during the first configuration of the account’s cloud environment via an internal tool. This minor inattention triggered a timer for the account’s self-deletion after a certain period – a timer that expired on 2 May. By the very nature of the internal tool, no notification or warning was generated for the account, which simply found itself without an account overnight. In the following weeks, Google published a detailed account of what happened and explained its initiatives to ensure it never happened again.
“This is an isolated, one-off event that has never happened before with any of Google Cloud’s customers globally,” said Thomas Kurian, CEO of Google Cloud, and Peter Chun, CEO of Australian pension fund UniSuper. But what if it happens to some government or banking institution? According to Quartz, Google Cloud accounts for about 60 per cent of the world’s 1,000 largest companies and 90 per cent of the generative AI unicorns among its customers.
In addition, nearly half a million companies worldwide use Google Cloud as a platform-as-a-service or customer tool, including Volkswagen and the Royal Bank of Canada. Quartz recalls that even the US government and intelligence agencies have increasingly used cloud services for data storage. For example, the US National Security Agency has signed a $10 billion deal with Amazon to move intelligence surveillance data to the company’s cloud, and the Pentagon has entered a $9 billion contract with Microsoft, Google, Oracle and Amazon for cloud computing services.
The problem remains
At this point, there is slightly conflicting information: Google says that backups were not affected but rather that they were crucial to restoring the account, while UniSuper, as we noted, mentioned external backups. In the end, it matters little; more important is to know that Google eliminated the ‘guilty’ internal tool, moved everything to an interface manageable directly by the client, and carefully checked all the other accounts to ensure that no other ‘timers’ were active.
Google is keen to point out that this was an isolated incident and that no other scenarios could compromise cloud accounts so drastically – protections include soft deletions, multiple pre-emptive notifications, requests for confirmation from human staff, and more. But the problem remains. This episode highlights the importance of non-monopolistic management of cloud services and collaboration between service providers and customers to deal with unforeseen events and ensure business continuity. Only in this way, and with over $125 billion in funds under management, will UniSuper continue to work to ensure the security and reliability of its services for its many members.