Moving the enterprise to DevSecOps
Accenture is transforming the way it delivers its own IT solutions for more agility, higher quality and innovation.
To meet Accenture’s growing business needs, the company is shifting to a new way of delivering information technology. This internal transformation focuses on optimizing the collaboration between development and operations, while embedding security into the entire process. Development, Security and Operations (DevSecOps) converges application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. Embedding security into the product development life cycle helps protect the business while maintaining speed and assisting to eliminate friction.
Our global IT organization is in the process of merging application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. This move may enable more agility, higher quality, continued security and more time spent on innovation through a culture, people, process and technology model.
The move to DevSecOps is a transformation journey being undertaken in phases. The aim is to replace administrative efforts in delivery and operations, allowing teams to be more agile and engage in more interesting design and solution work within Accenture. For Accenture’s global IT teams, this is the next phase of building on prior phases of maturing development, operations and automation capabilities.
The early stages of shifting to DevSecOps involve defining the vision and laying the road map of moving development, security and operations capabilities into the New. Global IT’s vision of DevSecOps is to provide a consumable, seamless, automated process that ensures compliant delivery within Accenture guidelines.
To help deliver more capability to the business more quickly, global IT has taken three main steps:
Adopting DevSecOps principles, models and practices is transforming how Accenture’s global IT organization delivers and operates and is fostering a culture of innovation and ownership. As we progressively adopt DevSecOps, our teams are able to address the needs of the business faster and with more flexibility while maintaining stable operations and helping keep the enterprise secure.
The delivery and maintenance of global IT’s DevSecOps capabilities are being transformed through processes, tools and a significant cultural change. Teams are transitioning from siloed development and formal hand-offs of code to operations to transitioning to be service-oriented, involving having accountability for end-to-end delivery of a service. This new model is often described as a “you build it, you run it” and “I own the service end to end, it’s my business” type of approach. Teams are also overlapping with global IT’s cloud teams as a natural DevSecOps evolution.
To become a new way of delivering IT solutions within the enterprise, DevSecOps relies on two principles: 1) Agile delivery, which allows teams and organizations to run hypothesis-driven development before investing large amounts of time and money; and 2) Extreme automation, which directly enables the agility and quality goals of the vision by replacing administrative and manual work. As our global IT teams progressively build on these principles, this foundation creates a model where new capability is brokered as a service rather than planned and delivered in legacy form.