Google Cloud is offering a tool to enable enterprises to track down abandoned or forgotten projects that are sitting idle but are continuing to use resources, driving up costs and creating security issues.
The company this month rolled out Unattended Project Recommender, a feature in its Active Assist cloud management portfolio that leverages machine learning to find and identify projects that likely have been abandoned and offers recommendations on whether the projects should be shut down.
The tool – now in public preview – uses searches to find idle projects and then, based on such information sources as API and networking activity, billing, and usage of cloud services, feeds the data through its machine learning capabilities to develop recommendations. Enterprises can integrate Unattended Project Recommender with their own workflow management and communications tools or export the results to a table in BigQuery, Google’s fully managed data warehouse.
“Your cloud projects can go abandoned or unattended for a number of reasons – ranging from a test environment that’s no longer needed, to project cancellation, to project owner switching jobs, and more,” Google Cloud product managers Dima Melnyk and Bakh Inamov wrote in a blog post. “Not only can such projects contribute to your cloud bill (waste) but they may contain security issues such as open firewalls or privileged service account keys that attackers can exploit to get a hold of your cloud resources for cryptocurrency mining or, worse, compromise your company’s sensitive data.”
Growing Security Risks
Such security risks will grow over time because the latest best practices and patches typically are not applied to unattended projects, Melnyk and Inamov wrote.
Based on the signals it receives, Unattended Project Recommender will automatically recommend cleaning up projects that have low activity – as determined by the machine learning model’s ranking of the usage of an organization’s projects in Google Cloud – or reclaiming those that have high usage activity but no active project owners.
Below is an example of what the list of recommendations would look like:
The tool also enables enterprises to view the activity insights collected for a project to see what the recommendations are based on, which IT engineers can use to integrate the project into their workflows. For example, they can send an automatically generated email or chat message to employees listed as the project’s owners.
A 30-Day Waiting Period
There’s also a 30-day waiting period between the time an organization chooses to shut down a project and the time the project is eliminated. Once a project is marked for deletion, it is no longer usable and all the resources are shut down. The 30 days gives enterprises the chance to restore a project that has been accidentally shut down, though they may not get all the data and resources from the project back.
Roger Kay, principal analyst with Endpoint Technologies Associates, told Internet News that a tool like Unattended Project Recommender is something that could benefit enterprises. He noted that in most organizations, it would be difficult for a project to remain idle for too long.
Not so in the cloud.
“In the cloud, though, you have a situation where there’s nobody responsible,” Kay said. “The original owners sort of abandoned ship. The cloud provider is actually running their hardware and can see the workload, the client is being billed for the workload because it’s still running, and there’s no incentive the cloud provider really has to turn it off.”
What to Keep and What to Toss
Organizations will have to determine what is junk and what should be kept.
“There’s stuff that needs to be cleaned out and then there’s those much more philosophical decisions, like there’s a whole area but they’re not moving in that direction,” he said. “The boss made strategic decision to move in this different direction and we really should have abandoned that project.”
Kay was impressed that Google Cloud is offering such a tool, given that idle workloads that stay in its cloud environment and keep using resources are an ongoing source of income.
“It’s interesting because at Google, they can advertise it as a do-gooder thing,” the analyst said. “They can say, ‘We’re going to help find this [and] you’re going to be happy about that. We’re going to save you money, we’re going to save you complexity and we’re going to deny ourselves some incremental credit.’ There must be some kind of marketing reason for doing this, like customer satisfaction or some other thing.”
Google Cleaned Up Its Own House
Google officials used the tool in-house earlier this year before making it available to the outside world, according to Melnyk and Inamov. The company’s internal security team had been wanting to identify and deal with idle cloud projects but was hindered by challenges in areas of detection – what signals should be looked at and how can an unattended project be differentiated from one with low usage – and remediation, including reducing the risk of deleting something that might later be seen as essential and scaling such a cleanup effort.
“Over the course of 2021 we built and tested a Google-internal prototype first, cleaning up many of our internal unattended projects, and then worked with a number of Google Cloud customers to build and tune this feature based on real-life data,” the product managers wrote. “It was not uncommon for us to come across organizations with thousands of unattended projects.”
Among the early adopters were cloud content management solutions provider Box, Decathlon, a French sporting goods retailer, and Veolia, a large water, waste and energy management company.