Moving the enterprise to DevSecOps
Accenture is transforming the way it delivers its own IT solutions for more agility, higher quality and innovation.
To meet Accenture’s growing business needs, the company is shifting to a new way of delivering information technology. This internal transformation focuses on optimizing the collaboration between development and operations, while embedding security into the entire process. Development, Security and Operations (DevSecOps) converges application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. Embedding security into the product development life cycle helps protect the business while maintaining speed and assisting to eliminate friction.
Our global IT organization is in the process of merging application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. This move may enable more agility, higher quality, continued security and more time spent on innovation through a culture, people, process and technology model.
The move to DevSecOps is a transformation journey being undertaken in phases. The aim is to replace administrative efforts in delivery and operations, allowing teams to be more agile and engage in more interesting design and solution work within Accenture. For Accenture’s global IT teams, this is the next phase of building on prior phases of maturing development, operations and automation capabilities.
The early stages of shifting to DevSecOps involve defining the vision and laying the road map of moving development, security and operations capabilities into the New. Global IT’s vision of DevSecOps is to provide a consumable, seamless, automated process that ensures compliant delivery within Accenture guidelines.
To help deliver more capability to the business more quickly, global IT has taken three main steps:
Adopting DevSecOps principles, models and practices is transforming how Accenture’s global IT organization delivers and operates and is fostering a culture of innovation and ownership. As we progressively adopt DevSecOps, our teams are able to address the needs of the business faster and with more flexibility while maintaining stable operations and helping keep the enterprise secure.
The delivery and maintenance of global IT’s DevSecOps capabilities are being transformed through processes, tools and a significant cultural change. Teams are transitioning from siloed development and formal hand-offs of code to operations to transitioning to be service-oriented, involving having accountability for end-to-end delivery of a service. This new model is often described as a “you build it, you run it” and “I own the service end to end, it’s my business” type of approach. Teams are also overlapping with global IT’s cloud teams as a natural DevSecOps evolution.
To become a new way of delivering IT solutions within the enterprise, DevSecOps relies on two principles: 1) Agile delivery, which allows teams and organizations to run hypothesis-driven development before investing large amounts of time and money; and 2) Extreme automation, which directly enables the agility and quality goals of the vision by replacing administrative and manual work. As our global IT teams progressively build on these principles, this foundation creates a model where new capability is brokered as a service rather than planned and delivered in legacy form.
DevSecOps is an enabler that helps deliver automation, repeatability, agility, security and speed across the entire life cycle, and our global IT organization is aiming to perform DevSecOps at Accenture’s complexity and scale–in contrast to how it typically is performed at small scale.
Over the next several years, our teams will continue to focus on significantly shifting performance in the key areas of agility, quality and culture. Projected shifts include increasing the number of deployments per day, further decreasing the change failure rate and enabling teams with end-to-end autonomy.
These shifts in performance and culture may lead to the goal of transforming the delivery of global IT’s DevSecOps capabilities to drive increased value for Accenture resulting in faster delivery, improved quality and more innovation.
Some anticipated value outcomes include:
"DevSecOps helps us take an idea to production quickly. For example, Accenture collaboratively designed, created and delivered the People + Work Connect employer-to-employer platform in just 14 days, thus helping to keep people employed during the COVID-19 crisis."
Agile delivery helps teams and organizations to accelerate lead time from idea to implementation from months to days.
The number of production deployments per day is projected to increase from under 100 to more than 1,000 over five years.
Quality is improving as measured by a decrease in change failure rate and in decreased time to recover from fewer failures.
Security risk posture continues to be enhanced and automated prevention measures implemented.