Resolving the Normalization of Deviance by Building a Culture of Communication

Building a Culture of Communication

Real-time monitoring and corresponding alerts are critical for maintaining the performance and security of today’s complex cloud infrastructures. Given the exorbitant amount of data effective network monitoring can produce, however, a troublesome problem often occurs: organizations and their Security, Operations and Development teams start to develop a normalization of deviance.

What’s a Normalization of Deviance?

A normalization of deviance is an incremental and gradual erosion of normal procedures, and it can lead to dire consequences. The explosion of the Challenger space shuttle in 1986 is, unfortunately, an infamous example of a normalization of deviance (and the resultant investigation is where Diane Vaughn developed this theory). NASA had been testing the limits of the joints on its solid rocket boosters and found they weren’t behaving as expected. Rather than halting the development process and dealing with the booster errors head on, NASA chose to accept the problem and move forward with the launch. This normalization of deviance led to the Challenger tragedy, as it was later confirmed that the O-ring gaskets on one of the problematic boosters were responsible for the disaster.

Cloud Disaster Recovery

The lesson to learn here is that the normalization of deviance stemmed from an organizational failure at NASA at the management level. It’s also a common occurrence amongst fast-growth technology companies and enterprises that are rapidly Scaling their cloud-based infrastructures and adapting their architectures to changing business needs. In these settings, more tools are required to monitor infrastructure as the business grows and evolves and compute needs adapt to keep up. With more tools come more data and alerts, and as a result, operators have to balance the signal-to-noise ratio to ensure their teams can focus on the most important inputs.

The Harmful Effects of Burnout

With alerts coming in from a variety of different systems and tools, Security, Operations and Development teams can sometimes feel as if they’re at an obnoxiously loud party, with dozens of people having different conversations about different things at the same time. Without a systematic approach to compensate for this chaos, these teams can become desensitized, so that even when the system flags a truly anomalous activity, the alert may get ignored.

Burnout can lead to longer response times, create an unmanageable volume of technical debt, and generally have a negative effect on a company’s workforce. Team members who are struggling to keep up with never-ending alerts can experience anxiety, sleep deprivation, cognitive impairment and even increased blood pressure or headaches. A normalization of deviance and resulting burnout can also lead to a lack of interest in solving problems or helping customers, and as a result, negatively impact company culture.

A helpful way to determine if there’s a normalization of deviance in your own company is to watch how existing team members interact with new hires. When a new hire asks about an incoming alert, does your team brush it off and dismiss the problem as nothing to worry about? If so, your team has likely developed the habit of accepting bad practices as normal. This happens. It’s not a reason to upend everything, but a signal that leaders need to discover early and begin corrective action.

How to Prevent Desensitization

Chef CTO Adam Jacobs directly addressed burnout at the 2016 ChefCon: “We should make a conscious and intentional choice to build the future we want to be a part of, with our technology and culture.”

The most effective and long-lasting way to prevent a normalization of deviance from permeating your company and Security, Operations and Development teams is simply to communicate more and ensure those teams are empowered to enact change in their tools and process where needed. The fatigue and numbness that can result from a normalization of deviance is usually easier to spot in others than in ourselves, so be on the lookout for team members who may be struggling. Have burnout and personal health be a regular topic of discussion in one-on-one meetings, and make sure everyone is transparent about how current business goals or customer demands are physically and mentally affecting different teams. Perhaps most importantly, recognize that combating the normalization of deviance requires continuous effort. It’s not a task you can check off and then ignore.

Fast-growth technology companies and their Security, Operations and Development teams are all focused on moving at warp speed, building new cloud-based features and making sure complex platforms scale. But it’s equally important to prioritize building a culture of communication, honesty and improvement in order to catch and prevent a normalization of deviance before it sets in. This negative behavior pattern needs to be addressed, not tolerated, to ensure your company’s security defenses remain ahead of any adversaries’ offensive maneuvers.

By Chris Gervais

Deepak Jayagopal

Leveraging DevOps Infrastructure as Code to Improve Cloud Provisioning Time by 65%

Improving Cloud Provisioning Time Infrastructure provisioning used to be a highly manual process for Digital Service Providers (DSPs). Infrastructure engineers would rack and stack the servers and will manually configure them. Then they will install ...
Steve Prentice

The Human Element of Zero Trust

The Awareness of Malicious and Threat Actors Security specialists have long known that a single weak link in a chain is all that is needed to bring down a cyberdefense. Sometimes this comes down to ...
Juan Pablo Perez Etchegoyen

7 Security and Compliance Considerations for Cloud-Based Business Applications  

Security and Compliance Considerations There’s no doubt on-premises deployments of mission-critical business applications provide more control over data as it resides within the four walls of an organization’s network infrastructure. However, businesses can no longer ...
David Friend

Tech Evolution – Why Multi-Cloud Will Win

Why Multi-Cloud Will Win When I was growing up in the 1970’s, IBM ruled the roost in corporate data centers. If you walked into a typical data center, nearly every piece of gear had an ...
Kyle Bernard Author

FlightHub and JustFly on Facial Recognition Technology, Travel and Privacy

Facial Recognition Technology For years facial recognition technology only existed in science books, television and cinema. The idea was brilliant. However, real-world technology hadn’t yet caught up with the concept. That’s changed in recent years ...
Darach Beirne

Take Control of Telecom by Being Your Own Carrier

Being Your Own Carrier Departments and organizations of all sizes and across all industries are transitioning away from traditional hardware IT systems and embracing SaaS-based cloud offerings. The global pandemic has spurred greater cloud adoption, ...