As as founder it is not uncommon to be paranoid about developer stealing your code to launch his own venture. Also giving production server access can also tricky. Of course, you could keep the access only to yourself but if you have multiple servers etc. it doesn't scale over long term and takes lot of your time.
This is particularly challenging when your developer is completely remote and taking legal actions half way across the world isn't something you would want to spend you time/money on.
Here is few things I tried:
- Only gave access to open source/non critical portions of code to the developer for the first year
- At blockonomics I gave my remote developer full production access after working together for 2 years. He is Finland and I am in from India . It seems to have worked for me till now. I felt giving extra responsibility to him has made him more closer to the company/team
Curious to hear your thoughts on this
Fair concern Shiva.
In the initial stages of growth, I think it is tough to be too restrictive. You want to move fast and extra precautions might actually slow you down.
Personally, I think whether a person is remote or in-person, you can only trust your hiring process to know that you have found the right person. In which case, we need to trust the person and move ahead.
About not being able to prosecute across borders - it is pretty tedious to prosecute even if the person is in the same country. So, that's a downside which is not worth preparing for in any case - remote or not. If we don't in the latter, then it makes the case to not prepare for it in the former too.
Having said all of this, I presume there must be some way to have the local setup also on a virtual server, so that the person doesn't have local access at all.
@BujoldChronicles works at V2 Cloud which looks into security and he has mentioned about a cloud desktop's quite a few times. Hey Gabriel, over to you - you are the expert :)
Karthik Sridharan
Remote Work Experience
Yes, at Flexiple our tech team is remote. Further, we consistently work with freelancers from our network who are located across timezones. It is an interesting dynamic that poses challenges but also enforces discipline like nothing else I have experiened before.
Hey Shiva, thanks for the post. This is an interesting topic. I have usually seen startups or small teams not worry too much about access, be it source code or even passwords. Of course that's not a great thing to do but they want to move fast and don't want to keep people blocked on access.
Having said that, source code theft could becomes a real problem if you have critical IP to protect. In that scenario, what you're doing makes sense. Restrict as much access for as much time as possible. Although 2 years is a really long time I feel. For many others, a few weeks or months may be more practical.
@Borsiov91 & @till are leading engineering teams themselves. While I have a feeling that they would align to my former statement, I am keen to hear what they have to say about this.
Mark Walter
Remote Work Experience
I have worked remotely for 5+ years now.
Nice to hear your thoughts. I meant 2 years for full ssh access to production system. Full code access of course was given in months.
shiva
There's an air of mystery about shiva 😮. They haven't filled their profile yet.
That makes sense. In fact, I subscribe to the philosophy that access to production systems should only rest with select individuals. Some devs in the team should never have ssh access to production, ever.
Mark Walter
Remote Work Experience
I have worked remotely for 5+ years now.