Date: 2023-12-11

When Accenture's cloud journey began in 2015, the company knew some significant changes were coming — and for the better. In the first year, the company expanded its cloud footprint from 9% to 90% for all its business applications after it realized cloud could reduce the time and effort needed to design, build and deploy applications at scale and speed. Within the first three years, CSO 50 2023 honoree Accenture saved more than $20 million.

"We took an old-school, pre-industrial age approach to securing these objects. Rather than creating a proper industrialized process that made security a part and parcel of the development lifecycle from start to finish, it was very bespoke," Accenture CISO Kris Burkhardt tells CSO.

This method worked initially but quickly became inefficient as Accenture's cloud security needs grew into a more complex process spanning thousands of cloud accounts, with millions of resources being deployed. It involved multiple stages, multiple gates and people from multiple teams. The problem was further exacerbated by Accenture's multi-cloud environment.

Accenture builds its own security suite

Burkhardt explains that a tailored approach to security was, however, the best option at the time, as there was a lack of readily available security cloud solutions. "There weren't providers out there who offered security suites and certainly not cross-cloud security suites, so we had to create our own," he says. "We did it to get by and it worked okay, but as our developers grew and were able to take advantage of the flexibility and the ease of procurement of VMs and the cloud, we realised we had to do something different. We were just not able to keep up with the rapid pace of our developers."

Some of the specific security issues that arose included ensuring only relevant users had access and privileges to certain data, objects, code or applications. Burkhardt added the trick was also about "keeping up with the flow of objects and the two or three unique things about every one of those primary building blocks that come with them".

The complexities around cloud security also became a barrier for Accenture's developers. Security was often an afterthought; developers only thought about security at the end and perceived it as a less important step before a product could go live. "We want our developers to spend their creative energy on their own projects, not on cloud security; cloud security should just work for them," Burkhardt says. "We were concerned we were going to slow them down as we're really in the business of helping our developers be more successful by keeping them secure in the easiest way possible. We realised to keep going at pace and to remain competitive or be more competitive, we had to enable faster controls."