Challenge

As reliance on and use of the cloud increases, Accenture faces diverse and unique risks that share one underlying challenge: how to keep a globally dispersed enterprise secure. After robust exploration, Accenture implemented an innovative approach to cloud security, and now operates 94 percent of its business applications in the cloud with greater efficiency, scalability, and agility.

Strategy and solution

To address the unique security requirements of operating cloud-based business applications on a large scale, Accenture’s Information Security organization worked closely with Accenture’s internal IT organization to fortify the company’s cloud security posture. To fully leverage the cloud for business applications, Accenture relies on cloud providers for a portion of its data security. Added to those measures is Accenture’s own capability, Accenture Cloud Platform, a cloud technology platform that helps improve cloud operations, maintain necessary levels of security, control cost, and ensure governance of Accenture’s cloud estate.

Accenture Cloud Platform

The deployment of cloud environments and supporting resources is centralized through Accenture Cloud Platform. The platform runs in close coordination with operations teams, prioritizing risk mitigation in areas vital to the business functions that rely on the cloud. To ensure compliance and to accelerate the deployment of cloud environments, Accenture developed a “Secure from Start” process, which provides a blueprint or preconfigured template to deploy cloud environments and resources in a secure and compliant fashion.

Cloud compliance measurement

The Accenture Cloud Platform works together with the internal IT and Information Security teams to monitor cloud security through cloud-native and legacy tools and metrics like Cloudtrail and Compliance Watch. A set of security services for Accenture’s cloud environments were defined and they are now an essential part of Accenture’s proactive approach to security, including:

  • Cloud configuration monitoring
  • Host hardening, anti-virus, malware, and host-based intrusion detection systems protection
  • Server compliance and vulnerability scanning
  • Security incident and event monitoring
  • L1/L2 SOC

Cloud governance

Accenture developed a Cloud Governance committee comprised of leaders from the Accenture Cloud Platform, internal IT, and Information Security organization. New cloud security standards were defined, corporate policies were enhanced to mandate secure cloud operations in a top-down approach, and metrics were developed to monitor compliance across Accenture’s cloud estate.

"Cloud underpins virtually every aspect of our business. From a security perspective, moving to the cloud required that we identify and develop new lines of defense to enhance our security posture."

– KRIS BURKHARDT, Managing Director – Technology & Operations, Accenture Information Security

Transformation

Accenture has broadened and deepened its information security operations beyond the “usual” controls. The company has adopted a cloud mindset, and teams know what it takes to secure cloud-based data on an ongoing basis.

At the same time, as cloud operations continue to proliferate, Accenture employees are encouraged with even more rigor to work smart and stay vigilant in their security behaviors. A proactive approach to security is complemented with the following aspects:

Company policies

Enhanced company policies to address specific accountability and security controls for protecting Accenture’s internal and client environments.

Cloud security standards

Designed security standards to apply when using cloud provider services.

Compliance and remediation

All internal business groups using cloud environments are responsible for maintaining compliance and performing appropriate remediation activities.

View All
Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter