Investigate support plan for GCP

[theathorn]

..should be comparable to that for AWS.

[theathorn]

Google has several Cloud Customer Care options. Standard support includes "unlimited access to technical support to help you troubleshoot, test, and explore" and costs $29/month + 3% of monthly charges.

[theathorn]

@theathorn to talk to @nolunwa about getting in touch with our contacts at Google to find out how we can get our technical compliance questions answered. Would the Standard Support Plan achieve this goal?

[nolunwa-ucsc]

@theathorn sent an email to derekmoliver@google.com,vandres@google.com

Reaching out from UCSC GI as we need the full GCP CRM Matrix to be shared with us for the following projects platform-anvil-dev, platform-hca-dev,platform-hca-prod,platform-anvil-prod. The Team is implementing NIST SP 800 53 rev 4 control in pursuit of FedRAMP authorization and the technical team needs a copy of GCP CRM that provides a detailed description of the services and implementation. Also, can you guidance on which support plan provides technical compliance questions answered?

[theathorn]

Steve Lujan (slujan@google.com): Who should Jeff Nessen (jeffnessen@google.com) work with from your side to understand the GCP services running in each of the projects that you identified? Nneka Olunwa: Jeff can work with Hannes to understand the GCP services running in each of the projects that you identified.

[theathorn]

@hannes-ucsc to contact Jeff about session-related controls (AC-7 UNSUCCESSFUL LOGON ATTEMPTS, AC-10 CONCURRENT SESSION CONTROL, AC-11 SESSION LOCK and AC-12 SESSION TERMINATION) w.r.t. Google cloud console. The CRM assigns responsibility solely to the customer whereas we see no way of actually enforcing those controls.

[hannes-ucsc]

Email sent.

[hannes-ucsc]

Response from Google

I forwarded the question over to a number of compliance resources engaged with our FedRAMP process and will follow up with you as soon as I get a response.

[theathorn]

@theathorn to follow up with GCP for answers to Hannes' questions and get cost for support plan (create separate billing account?)

[theathorn]

Sent email to Google - awaiting response.

[theathorn]

Moved @hannes-ucsc comment from #4586: Remaining open question for Google support is whether modification to OAuth 2.0 clients are audit-logged. I could not find any mention of OAuth on https://cloud.google.com/logging/docs/audit/services.

[theathorn]

Reply from Amanda Stange on 11/15/22: "We do have a subscription agreement, which would offer a fixed GCP fee for the year. Look forward to reviewing it with you."