Without sounding like a mixed weather forecast, if there was ever a moment for cloud to have its day in the sun, it’s now. As the COVID-19 storm hit almost all corners of the world last March, it was a wake-up call for business continuity. In a short space of time, there was something of a race to take advantage of the efficiency, elasticity and innovation of the cloud—not only to keep the lights on, but also to take a new look at how to be resilient, quick to respond to changing market conditions and more flexible in the face of changing times.

But while cloud offers new opportunities to modernize services and transform operations, security and compliance risk remains the greatest barrier to cloud adoption. When you take account of hybrid- and multi-cloud environments and a shortage of skills, too, it’s beginning to look like there are some major roadblocks to a cloud-first journey.

In such tricky conditions, I believe there is a role security can play in making the most of cloud’s silver lining.

Is it safe?

Of course, it’s important to have a security reference architecture if you’re going to make cloud safe from the start. At a practical level that means designing and deploying base security controls to create a secure landing zone on the cloud solution provider platform. It means designing reusable cloud solution provider secure PaaS templates with integrated security controls. And it would involve bringing together the platform and services—such as, creating secure landing zone configuration policies and applying cloud service provider platform security controls.

Let’s not forget having the appropriate people is also important. We all know there is a shortage of both security and cloud talent.  And even with the appropriate talent you’re going to need to shift mindsets so that there is a culture of change—it can be the biggest obstacle security professionals face.

<<< Start >>>



<<< End >>>

Make no mistake, cloud migration is complex. It needs a formal strategy and strong governance. You might need to shift security to the left. But the rewards are many and worthwhile: your business can enable security capabilities and controls in minutes rather than hours and act in a frictionless way. You can be more proactive to prevent malicious security incidents. And you can scale fast, applying automation and self-healing processes to reduce manual steps and avoid the headcount squeeze.

Proactive cloud security

In our experience, the following four steps can guide any cloud-first journey and introduce security at speed and scale from the outset.

  • Know your cloud security posture. Rapidly identify gaps and establish a risk-aligned architecture and roadmap for baseline cloud security that optimizes current technology investments.
  • Automate native security. Automate deployment of security guardrails with pre-built accelerators for cloud native services including AWS, Microsoft Azure and Google Cloud.
  • Be proactive with compliance. Optimize detection and streamline cloud security operations. Mitigate risk with cloud service providers (CSPs) to align with regulatory requirements.
  • Employ security monitoring and response. Monitor public cloud cost effectively and at scale using security tools and use cases to address evolving threats and complex regulatory requirements.

Isn’t it time to find out more about how you can accelerate your business resilience and make your cloud-first journey secure from the start?

 

Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.  Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2021 Accenture. All rights reserved.

Daniel Mellen

Managing Director – Accenture Security Cloud

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog