Elevating cloud security
Accenture enhances its information security operations to secure cloud-based data.
As reliance on and use of the cloud increases, Accenture faces diverse and unique risks that share one underlying challenge: how to keep a globally dispersed enterprise secure. After robust exploration, Accenture implemented an innovative approach to cloud security, and now operates 94 percent of its business applications in the cloud with greater efficiency, scalability, and agility.
In this first episode of Accenture's InfoSec Beat podcast series, Kris Burkhardt talks with Matt Lagodzinski about Accenture’s journey to a secure cloud. See more.View Transcript
To address the unique security requirements of operating cloud-based business applications on a large scale, Accenture’s Information Security organization worked closely with Accenture’s internal IT organization to fortify the company’s cloud security posture. To fully leverage the cloud for business applications, Accenture relies on cloud providers for a portion of its data security. Added to those measures is Accenture’s own capability, Accenture Cloud Platform, a cloud technology platform that helps improve cloud operations, maintain necessary levels of security, control cost, and ensure governance of Accenture’s cloud estate.
Accenture Cloud Platform
The deployment of cloud environments and supporting resources is centralized through Accenture Cloud Platform. The platform runs in close coordination with operations teams, prioritizing risk mitigation in areas vital to the business functions that rely on the cloud. To ensure compliance and to accelerate the deployment of cloud environments, Accenture developed a “Secure from Start” process, which provides a blueprint or preconfigured template to deploy cloud environments and resources in a secure and compliant fashion.
Cloud compliance measurement
The Accenture Cloud Platform works together with the internal IT and Information Security teams to monitor cloud security through cloud-native and legacy tools and metrics like Cloudtrail and Compliance Watch. A set of security services for Accenture’s cloud environments were defined and they are now an essential part of Accenture’s proactive approach to security, including:
Accenture developed a Cloud Governance committee comprised of leaders from the Accenture Cloud Platform, internal IT, and Information Security organization. New cloud security standards were defined, corporate policies were enhanced to mandate secure cloud operations in a top-down approach, and metrics were developed to monitor compliance across Accenture’s cloud estate.
"Cloud underpins virtually every aspect of our business. From a security perspective, moving to the cloud required that we identify and develop new lines of defense to enhance our security posture."
Accenture has broadened and deepened its information security operations beyond the “usual” controls. The company has adopted a cloud mindset, and teams know what it takes to secure cloud-based data on an ongoing basis.
At the same time, as cloud operations continue to proliferate, Accenture employees are encouraged with even more rigor to work smart and stay vigilant in their security behaviors. A proactive approach to security is complemented with the following aspects:
Enhanced company policies to address specific accountability and security controls for protecting Accenture’s internal and client environments.
Designed security standards to apply when using cloud provider services.
All internal business groups using cloud environments are responsible for maintaining compliance and performing appropriate remediation activities.