In brief

In brief

  • Accelerated cloud adoption exposes organizations to new business risks—especially when it comes to security vulnerabilities.
  • Organizations must be ready and agile enough to secure their existing technology footprint, while being prepared to manage what lies ahead.
  • On any journey, if cloud as a continuum of capabilities is the map, security is the compass that guides organizations to navigate more effectively.
  • Our point of view explores challenges and common routes taken on the cloud journey and how security can manage risks and enable business outcomes.

Flexing security

Many organizations have recognized they need flexible, scalable networks made possible by the cloud. New cloud-based technologies offer opportunities to drive innovation, automate and pursue new growth—or simply save money and be more efficient. And there’s an urgency to be ready with cloud as a continuum of capabilities to fulfill the promise of digital transformation.

Yet, accelerated cloud adoption also exposes organizations to new business risks—especially when it comes to security vulnerabilities. Organizations need to balance the security needs of today with those of tomorrow. They should secure their existing technology footprint, while being prepared to manage what lies ahead—wherever they are on the cloud journey. Security teams should be agile and aligned with the business to be ready to protect their organizations and take advantage of cloud opportunities.


of CISOs said they don’t have the skills needed to move into the cloud.

Security blind spots

Security teams need to recognize where their organization is on the cloud journey, yet they are hampered by:

  • A security culture shift. As network security adopts a zero trust approach, a pivot from direct control to shared responsibility is needed—demanding a culture shift. Security actions should keep pace with the ever-changing context of an evolving cloud journey to avoid new risks.
  • A scarcity of skills. Current resources are being asked to do their jobs in new ways which introduces new skill requirements. What’s missing is resources with security domain expertise and cloud technology skills, such as software engineers who have skills in identity and access management. Upskilling existing resources and adding new skills are needed to make full use of a Cloud Continuum approach.
  • Software automation advances outpace security. As cloud initiatives trigger advances in software automation, traditional Software Development Lifecycle management has become more agile. Security must keep up with capacity demands and the only way to achieve that is through automation. Increasing software automation requires the same from security capabilities to secure emerging services on cloud platforms. Unfortunately, skills and capacity in the security domain lag these software automation advances.
  • An inability to balance resources. As organizations open the door to new technologies, the stress on existing security resources and capabilities can introduce new vulnerabilities. CISOs must adjust multiple levers to manage their cloud journey—including technology, resourcing and strategic partners.

Choosing your route

While we recognize that there are a range of approaches that can be taken, the following routes represent the two ends of the spectrum commonly considered when moving to the cloud. Each route has different implications for how security teams steer progress on the cloud journey.

For both routes, employ identity management and data security. The degree of complexity depends on which route is selected.

Security is the compass that helps guide effective decisions along the cloud journey.

Use security as a compass

Three considerations when using security as a compass to ease the cloud journey include:

Cloud security can enable better business outcomes by being:

  • Fast: Use cloud service provider native accelerators that enable security capabilities and controls to be deployed in minutes or hours, rather than months.
  • Frictionless: Embed security into existing solutions, business processes and operational teams.
  • Scalable: Apply automation and self-healing processes to reduce manual steps and break the resourcing model of adding headcount to enable organizations to scale.
  • Proactive: Establish pre-emptive controls to block accidental or malicious security incidents from happening in the first place.
  • Cost effective: Bake in security from the outset to avoid the additional costs incurred by having to re-do work.

In our own business we have been able to reduce build costs by 70%, cut in half the average time reduction to go-live operations and reduce run operations costs by 20% to 40% compared with our legacy approach. The Accenture cloud-native focused security offerings include:

  • Workforce and team strategy to optimize the current onshore-offshore operating model.
  • Smart working using Infrastructure as Code reduces employee travel to client sites and deployment lengths.
  • Digital ways of working to drive collaboration, innovation, flexibility and value-driven purpose.
  • Reduced talent acquisition spend through better attraction and retention of talent.

In addition to our experience in undertaking a cloud-first journey we made a US$3B investment to help our clients shape, move, build and operate their businesses in the cloud and realize the cloud’s business value, speed, cost, talent and innovation benefits.

Daniel Mellen

Managing Director – Accenture Security, Cloud and Infrastructure Lead

Gretchen Myers

Cloud Security Principal Accenture Security


Ransomware reoriented
Elevating the cybersecurity discussion
The importance of cloud security

Subscription Center
Visit our Subscription and Preference Center Visit our Subscription and Preference Center