Now more than ever, organizations need to prioritize a "cloud first" approach to enable their companies to transform with agility at scale. But, as its name suggests, every new instance of public cloud has the potential to brew up a security storm. The default settings for a new cloud instance are unlikely to satisfy even the basic security requirements of any business operation.
While cloud offers new opportunities to modernize services and transform operations, less than 40% of companies say they are achieving the full value expected on their cloud investments. Security and compliance risk remains the greatest barrier to cloud adoption. Combined with the difficulties in proactively addressing the complexity of secure configuration and a shortage of skills, these challenges can be major roadblocks to a cloud-first journey.
Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator.
Misconfiguration of cloud resources remains the most prevalent cloud vulnerability.
— MITIGATING CLOUD VULNERABILITIES, NATIONAL SECURITY AGENCY, JANUARY 2020
Cloud security best practices
A security reference architecture has six key pillars that define the minimum requirements for organizations to securely place workloads in the cloud.
What you should do:
Design and deploy base security controls to create secure landing zone on the cloud solution provider platform.
Fast: Use cloud service provider native accelerators that enable security capabilities and controls to be deployed in minutes or hours, rather than months.
Frictionless: Embed security into existing solutions, business processes and operational teams.
Scalable: Apply automation and self-healing processes to reduce manual steps and break the resourcing model of adding headcount to enable organizations to scale.
Proactive: Establish pre-emptive controls to block accidental or malicious security incidents from happening in the first place.
Cost effective: Bake-in security from the outset to avoid the additional costs incurred by having to re-do work.
of Accenture applications are in the public cloud and supported by the platform economy.
reduction in Accenture build costs and our build and go-live operations are three times faster compared with legacy security tools.
Up to 70%
Accenture has saved between 30-70% in the cloud compared with Security Information and Event Management (SIEM) as-as-service offerings.
Accenture is committed to cloud
In our own business we have been able to reduce build costs by 70%, cut in half the average time reduction to go-live operations and reduce run operations costs by 20% to 40% compared with our legacy approach. The Accenture cloud-native focused security offerings include:
Workforce and team strategy to optimize the current onshore-offshore operating model.
Smart working using Infrastructure as Code reduces employee travel to client sites and deployment lengths.
Digital ways of working to drive collaboration, innovation, flexibility and value-driven purpose.
Reduced talent acquisition spend through better attraction and retention of talent.
In addition to our experience in undertaking a cloud-first journey we have announced a US$3B investment to help our clients shape, move, build and operate their businesses in the cloud and realize the cloud’s business value, speed, cost, talent and innovation benefits.
Cloud’s silver lining
In our experience, the following four steps can guide any cloud-first journey and introduce security at speed and scale from the outset:
1. Know your cloud security posture
Rapidly identify gaps and establish a risk-aligned architecture and roadmap for baseline cloud security that optimizes current technology investments.
2. Automate native security
Automate deployment of security guardrails with pre-built accelerators for cloud native services including AWS, Microsoft Azure and Google Cloud.
3. Be proactive with compliance
Optimize detection and streamline cloud security operations. Mitigate risk with cloud service providers (CSPs) to align with regulatory requirements.
4. Employ security monitoring and response
Monitor public cloud cost effectively and at scale using security tools and use cases to address evolving threats and complex regulatory requirements.