- While security is a 24-hour task, the shift to remote work overhauled traditional work hours, Chris DeRamus, VP of Technology at DivvyCloud by Rapid7, told CIO Dive. The cloud configuration updates that were typically launched during traditional times are now performed at odd hours.
- From the security perspective, IT teams have to come to terms with seeing activity at unlikely hours and the impact it has on security changes, updates and cloud configurations. Development and cloud configurations are occurring off hours, and "at a rapid pace," said DeRamus.
- Off-hour development could result in misconfigurations, especially if a developer is doing it with little sleep or balancing watching their child and constant instant messaging alerts, said DeRamus. "There are more distractions now than ever."
Businesses that relied on brick-and-mortar locations were forced to accept the new way of working when COVID-19 hit stateside.
"Speaking from how we're working with our engineering and security teams, some folks who were used to being in the office at 10 a.m. are starting their day at 4 a.m.," he said. Employees signing on at odd hours helps accommodate working around the hours of their kids, spouses or other at-home constraints.
Employees are averaging an additional hour of work per week since moving during the pandemic, CIO Dive's sister publication HR Dive reports. Workers also adopted a more "fragmented" way of working instead of steady hours of work.
The odd hours won't sound any alarms for security. Behavioral analysis and network scanning is usually able to weed through illegitimate connections and their associated IP address — a function relevant long before remote work.
While everyone comes to terms with more flexible ways of working, there's a "constant signal-to-noise ratio you're having to juggle," said DeRamus. "I think the likelihood of mistakes go up."
Most organizations use runtime for analyzing cloud security but "that's not going to cut it anymore," said DeRamus. If a developer launches a misconfigured application at 4 a.m., too much time might have passed before it's caught later that day.
The "shift left" mentality, or running tests before a product's deployment, plays a particularly important role in weaving security into pre-production. Tensions between security and development teams still exist, as half of developers and engineers bypass cloud security or compliance policies. Security teams are "effectively office lawyers," said DeRamus.
Shifting left gives developers a closer look at the impact of their updates before it goes live.
An indefinite move to remote work means an overall increase in cloud consumption and virtual desktop infrastructure. Even service providers are continuously adapting as Microsoft saw a 775% increase in Azure's cloud services when stay-at-home orders were initiated.
"The cloud service providers themselves are scrambling, just to meet the ever increasing demand of cloud capacity," said DeRamus.