Skip to main content
close search
site logo
Dive Brief

Developers are working at 4 a.m. — what could go wrong?

Published June 8, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Unsplash

Dive Brief:

  • While security is a 24-hour task, the shift to remote work overhauled traditional work hours, Chris DeRamus, VP of Technology at DivvyCloud by Rapid7, told CIO Dive. The cloud configuration updates that were typically launched during traditional times are now performed at odd hours. 
  • From the security perspective, IT teams have to come to terms with seeing activity at unlikely hours and the impact it has on security changes, updates and cloud configurations. Development and cloud configurations are occurring off hours, and "at a rapid pace," said DeRamus. 
  • Off-hour development could result in misconfigurations, especially if a developer is doing it with little sleep or balancing watching their child and constant instant messaging alerts, said DeRamus. "There are more distractions now than ever."

Dive Insight:

Businesses that relied on brick-and-mortar locations were forced to accept the new way of working when COVID-19 hit stateside. 

"Speaking from how we're working with our engineering and security teams, some folks who were used to being in the office at 10 a.m. are starting their day at 4 a.m.," he said. Employees signing on at odd hours helps accommodate working around the hours of their kids, spouses or other at-home constraints. 

Employees are averaging an additional hour of work per week since moving during the pandemic, CIO Dive's sister publication HR Dive reports. Workers also adopted a more "fragmented" way of working instead of steady hours of work. 

The odd hours won't sound any alarms for security. Behavioral analysis and network scanning is usually able to weed through illegitimate connections and their associated IP address — a function relevant long before remote work. 

While everyone comes to terms with more flexible ways of working, there's a "constant signal-to-noise ratio you're having to juggle," said DeRamus. "I think the likelihood of mistakes go up." 

Most organizations use runtime for analyzing cloud security but "that's not going to cut it anymore," said DeRamus. If a developer launches a misconfigured application at 4 a.m., too much time might have passed before it's caught later that day. 

The "shift left" mentality, or running tests before a product's deployment, plays a particularly important role in weaving security into pre-production. Tensions between security and development teams still exist, as half of developers and engineers bypass cloud security or compliance policies. Security teams are "effectively office lawyers," said DeRamus. 

Shifting left gives developers a closer look at the impact of their updates before it goes live. 

An indefinite move to remote work means an overall increase in cloud consumption and virtual desktop infrastructure. Even service providers are continuously adapting as Microsoft saw a 775% increase in Azure's cloud services when stay-at-home orders were initiated.

"The cloud service providers themselves are scrambling, just to meet the ever increasing demand of cloud capacity," said DeRamus.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Celonis Business Collaboration Networks Drive Process Improvement Across Company Boundaries
From Celonis
October 23, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell