Accenture Innovates Cloud Security Compliance with Lean Processes and Toyota-Inspired Approach

Accenture, a global professional services firm, has overcome security challenges in its development process by centralizing compliance controls, streamlining its cloud security compliance, and fostering innovation. The company's cloud journey, initiated in 2015, witnessed a substantial expansion of its cloud footprint from 9% to 90% for all business applications within the first year. This move aimed to leverage the benefits of the cloud in terms of scalability, speed, and cost-efficiency.

Initially, Accenture faced security issues as it adopted an old-school approach, treating security as an afterthought in the development lifecycle. The bespoke method became inefficient as the company's cloud security needs grew complex across thousands of cloud accounts and millions of resources. Recognizing the need for a change, Accenture explored solutions to streamline its entire cloud security compliance process.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

The company adopted a lean process, partnering with Palo Alto Networks and incorporating Prisma Cloud, a move designed to create a virtual cloud control factory. This factory supports global cloud infrastructure providers, ensuring reliable inventory, consistent log and alert delivery, and predictable processes for certifying cloud services and releasing security controls.

Accenture's Chief Information Security Officer (CISO), Kris Burkhardt, highlighted the challenge of securing a rapidly expanding inventory in a multi-cloud environment. To address this, the company implemented a manufacturing-style approach inspired by The Toyota Way (TTW). This approach involved centralizing cloud control development, organizing needs, and running them through a virtual factory to achieve common controls and architecture.

TTW principles, such as continuous improvement and building strong relationships, were integrated into Accenture's cloud security compliance process. The virtual cloud control factory resulted in significant benefits, including an 84% increase in released controls within a year and a 50% reduction in the time between releases. Accenture also more than doubled the number of certified services each month.

Additionally, the adoption of the new methodology and platform supports Accenture's future plans to automate most of its security processes, emphasizing efficiency and standardization. Developers at Accenture now benefit from a streamlined process, allowing them to focus on solving business problems and innovating without the burden of complex security considerations.

In Burkhardt's words, "This is one of those areas where no matter how well you do security, your job is to be in the background and be invisible, so as long as we're invisible and not stopping [our developers], that's the best compliment in the world."

Accenture's successful transformation in cloud security compliance showcases its commitment to innovation and efficiency in an ever-evolving digital landscape.