RESEARCH REPORT

In brief

In brief

  • Despite the clear promise of cloud, less than 40% of companies say they are achieving the full value expected on their cloud investments.
  • CISOs are challenged by weaknesses in security governance and compliance as well as issues around complexity and finding the right skills.
  • Being secure by design can accelerate resilience on any cloud-first journey.
  • With 95% of Accenture applications in the public cloud, we show how secure cloud enables better business outcomes.


Security as a resilience accelerator

Now more than ever, organizations need to prioritize a "cloud first" approach to enable their companies to transform with agility at scale. But, as its name suggests, every new instance of public cloud has the potential to brew up a security storm. The default settings for a new cloud instance are unlikely to satisfy even the basic security requirements of any business operation.

While cloud offers new opportunities to modernize services and transform operations, less than 40% of companies say they are achieving the full value expected on their cloud investments. Security and compliance risk remains the greatest barrier to cloud adoption. Combined with the difficulties in proactively addressing the complexity of secure configuration and a shortage of skills, these challenges can be major roadblocks to a cloud-first journey.

Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator.

Misconfiguration of cloud resources remains the most prevalent cloud vulnerability.

— Mitigating Cloud Vulnerabilities, National Security Agency, January 2020

Cloud security best practices

A security reference architecture has six key pillars that define the minimum requirements for organizations to securely place workloads in the cloud.

What you should do:

Design and deploy base security controls to create secure landing zone on the cloud solution provider platform.

Design reusable cloud solution provider secure PaaS templates with integrated security controls.

Combine the platform and services to bring together existing client enterprise security tools with operational processes and procedures.

View All

How you should do it:

Spell out the roles that are authorized to operate in the environment and what they are allowed to do.

Secure connectivity to on-premise data centers and use a "hub and spoke" network security model.

Secure landing zone configuration policies and apply cloud service provider platform security controls.

View All


Why is cloud security important for business?

Cloud security can enable better business outcomes by being:

  • Fast: Use cloud service provider native accelerators that enable security capabilities and controls to be deployed in minutes or hours, rather than months.
  • Frictionless: Embed security into existing solutions, business processes and operational teams.
  • Scalable: Apply automation and self-healing processes to reduce manual steps and break the resourcing model of adding headcount to enable organizations to scale.
  • Proactive: Establish pre-emptive controls to block accidental or malicious security incidents from happening in the first place.
  • Cost effective: Bake-in security from the outset to avoid the additional costs incurred by having to re-do work.

95%

of Accenture applications are in the public cloud and supported by the platform economy.

70%

reduction in Accenture build costs and our build and go-live operations are three times faster compared with legacy security tools.

Up to 70%

Accenture has saved between 30-70% in the cloud compared with Security Information and Event Management (SIEM) as-as-service offerings.

Accenture is committed to cloud

In our own business we have been able to reduce build costs by 70%, cut in half the average time reduction to go-live operations and reduce run operations costs by 20% to 40% compared with our legacy approach. The Accenture cloud-native focused security offerings include:

  • Workforce and team strategy to optimize the current onshore-offshore operating model.
  • Smart working using Infrastructure as Code reduces employee travel to client sites and deployment lengths.
  • Digital ways of working to drive collaboration, innovation, flexibility and value-driven purpose.
  • Reduced talent acquisition spend through better attraction and retention of talent.

In addition to our experience in undertaking a cloud-first journey we have announced a US$3B investment to help our clients shape, move, build and operate their businesses in the cloud and realize the cloud’s business value, speed, cost, talent and innovation benefits.

Cloud’s silver lining

In our experience, the following four steps can guide any cloud-first journey and introduce security at speed and scale from the outset:

1. Know your cloud security posture

Rapidly identify gaps and establish a risk-aligned architecture and roadmap for baseline cloud security that optimizes current technology investments.

2. Automate native security

Automate deployment of security guardrails with pre-built accelerators for cloud native services including AWS, Microsoft Azure and Google Cloud.

3. Be proactive with compliance

Optimize detection and streamline cloud security operations. Mitigate risk with cloud service providers (CSPs) to align with regulatory requirements.

4. Employ security monitoring and response

Monitor public cloud cost effectively and at scale using security tools and use cases to address evolving threats and complex regulatory requirements.

View All

Daniel Mellen

Managing Director – Accenture Security Cloud


Rex Thexton

Senior Managing Director – Applied Cybersecurity Services


Harpreet Sidhu

Managing Director – Managed Security Services


Andrew Winkelmann

Managing Director – Accenture Security

MORE ON THIS TOPIC

COVID-19: Emerge stronger with adaptive security
Sky high hopes: Navigating the barriers to maximizing cloud value

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter