Resolving the Normalization of Deviance by Building a Culture of Communication

Building a Culture of Communication

Real-time monitoring and corresponding alerts are critical for maintaining the performance and security of today’s complex cloud infrastructures. Given the exorbitant amount of data effective network monitoring can produce, however, a troublesome problem often occurs: organizations and their Security, Operations and Development teams start to develop a normalization of deviance.

What’s a Normalization of Deviance?

A normalization of deviance is an incremental and gradual erosion of normal procedures, and it can lead to dire consequences. The explosion of the Challenger space shuttle in 1986 is, unfortunately, an infamous example of a normalization of deviance (and the resultant investigation is where Diane Vaughn developed this theory). NASA had been testing the limits of the joints on its solid rocket boosters and found they weren’t behaving as expected. Rather than halting the development process and dealing with the booster errors head on, NASA chose to accept the problem and move forward with the launch. This normalization of deviance led to the Challenger tragedy, as it was later confirmed that the O-ring gaskets on one of the problematic boosters were responsible for the disaster.

Cloud Disaster Recovery

The lesson to learn here is that the normalization of deviance stemmed from an organizational failure at NASA at the management level. It’s also a common occurrence amongst fast-growth technology companies and enterprises that are rapidly Scaling their cloud-based infrastructures and adapting their architectures to changing business needs. In these settings, more tools are required to monitor infrastructure as the business grows and evolves and compute needs adapt to keep up. With more tools come more data and alerts, and as a result, operators have to balance the signal-to-noise ratio to ensure their teams can focus on the most important inputs.

The Harmful Effects of Burnout

With alerts coming in from a variety of different systems and tools, Security, Operations and Development teams can sometimes feel as if they’re at an obnoxiously loud party, with dozens of people having different conversations about different things at the same time. Without a systematic approach to compensate for this chaos, these teams can become desensitized, so that even when the system flags a truly anomalous activity, the alert may get ignored.

Burnout can lead to longer response times, create an unmanageable volume of technical debt, and generally have a negative effect on a company’s workforce. Team members who are struggling to keep up with never-ending alerts can experience anxiety, sleep deprivation, cognitive impairment and even increased blood pressure or headaches. A normalization of deviance and resulting burnout can also lead to a lack of interest in solving problems or helping customers, and as a result, negatively impact company culture.

A helpful way to determine if there’s a normalization of deviance in your own company is to watch how existing team members interact with new hires. When a new hire asks about an incoming alert, does your team brush it off and dismiss the problem as nothing to worry about? If so, your team has likely developed the habit of accepting bad practices as normal. This happens. It’s not a reason to upend everything, but a signal that leaders need to discover early and begin corrective action.

How to Prevent Desensitization

Chef CTO Adam Jacobs directly addressed burnout at the 2016 ChefCon: “We should make a conscious and intentional choice to build the future we want to be a part of, with our technology and culture.”

The most effective and long-lasting way to prevent a normalization of deviance from permeating your company and Security, Operations and Development teams is simply to communicate more and ensure those teams are empowered to enact change in their tools and process where needed. The fatigue and numbness that can result from a normalization of deviance is usually easier to spot in others than in ourselves, so be on the lookout for team members who may be struggling. Have burnout and personal health be a regular topic of discussion in one-on-one meetings, and make sure everyone is transparent about how current business goals or customer demands are physically and mentally affecting different teams. Perhaps most importantly, recognize that combating the normalization of deviance requires continuous effort. It’s not a task you can check off and then ignore.

Fast-growth technology companies and their Security, Operations and Development teams are all focused on moving at warp speed, building new cloud-based features and making sure complex platforms scale. But it’s equally important to prioritize building a culture of communication, honesty and improvement in order to catch and prevent a normalization of deviance before it sets in. This negative behavior pattern needs to be addressed, not tolerated, to ensure your company’s security defenses remain ahead of any adversaries’ offensive maneuvers.

By Chris Gervais

Mark Rochester

Why Remote Migrations are Essential for Business Continuity

Remote Business Continuity We are approaching a banner year for the cloud. The COVID-19 pandemic has highlighted the importance of cloud technology to enable resilience and business continuity, and it will be a critical time ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is because all real software innovation is now cloud-first or cloud-only, ...
Aarti Parikh

What are the Capabilities of the AWS Serverless Platform?

AWS Serverless Platform AWS serverless compute services allow to build and deploy applications on AWS cloud without having to manage the servers. AWS serverless platform enables vendors to deploy cloud solutions without server provisioning, deploying, ...
Eddie Segal

Kubernetes on AWS: Tips for Cloud-Native Development

Kubernetes AWS Tips Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey by CNCF showed that 83% of organizations deploy Kubernetes on ...
Mark Barrenechea

Introducing the Information Advantage

Technology. Information. Disruption. The world is moving faster than ever before at unprecedented scale. Businesses today are operating in the next industrial revolution, and the rules have changed. This is Industry 4.0. It is imposing ...
Sebastian Grady

Digital Transformation – Updated Metrics for the Cloud Era

Cloud Era Metrics Undertaking digital transformation means also transforming how IT success is defined, including metrics that address business in the cloud.  With up to 90% of budgets spent keeping the lights on, cost is ...