Despite the clear promise of cloud, less than 40% of companies say they are achieving the full value expected on their cloud investments.
CISOs are challenged by weaknesses in security governance and compliance as well as issues around complexity and finding the right skills.
Being secure by design can accelerate resilience on any cloud-first journey.
With 95% of Accenture applications in the public cloud, we show how secure cloud enables better business outcomes.
Security as a resilience accelerator
Now more than ever, organizations need to prioritize a “cloud first” approach to enable their companies to transform with agility at scale. But, as its name suggests, every new instance of public cloud has the potential to brew up a security storm. The default settings for a new cloud instance are unlikely to satisfy even the basic security requirements of any business operation.
While cloud offers new opportunities to modernize services and transform operations, less than 40% of companies say they are achieving the full value expected on their cloud investments. Security and compliance risk remains the greatest barrier to cloud adoption. Combined with the difficulties in proactively addressing the complexity of secure configuration and a shortage of skills, these challenges can be major roadblocks to a cloud-first journey.
Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator.
Misconfiguration of cloud resources remains the most prevalent cloud vulnerability.
— MITIGATING CLOUD VULNERABILITIES, NATIONAL SECURITY AGENCY, JANUARY 2020
Cloud security best practices
A security reference architecture has six key pillars that define the minimum requirements for organizations to securely place workloads in the cloud.
What you should do:
Design and deploy base security controls to create secure landing zone on the cloud solution provider platform.
Combine the platform and services to bring together existing client enterprise security tools with operational processes and procedures.
How you should do it:
Spell out the roles that are authorized to operate in the environment and what they are allowed to do.
Secure connectivity to on-premise data centers and use a “hub and spoke” network security model.
Secure landing zone configuration policies and apply cloud service provider platform security controls.
Why is cloud security important for business?
Cloud security can enable better business outcomes by being:
Fast: Use cloud service provider native accelerators that enable security capabilities and controls to be deployed in minutes or hours, rather than months.
Frictionless: Embed security into existing solutions, business processes and operational teams.
Scalable: Apply automation and self-healing processes to reduce manual steps and break the resourcing model of adding headcount to enable organizations to scale.
Proactive: Establish pre-emptive controls to block accidental or malicious security incidents from happening in the first place.
Cost effective: Bake-in security from the outset to avoid the additional costs incurred by having to re-do work.
95% of Accenture applications are in the public cloud and supported by the platform economy.
70% reduction in Accenture build costs and our build and go-live operations are three times faster compared with legacy security tools.
Up to 70% Accenture has saved between 30-70% in the cloud compared with Security Information and Event Management (SIEM) as-as-service offerings.
Accenture is committed to cloud
In our own business we have been able to reduce build costs by 70%, cut in half the average time reduction to go-live operations and reduce run operations costs by 20% to 40% compared with our legacy approach. The Accenture cloud-native focused security offerings include:
Workforce and team strategy to optimize the current onshore-offshore operating model.
Smart working using Infrastructure as Code reduces employee travel to client sites and deployment lengths.
Digital ways of working to drive collaboration, innovation, flexibility and value-driven purpose.
Reduced talent acquisition spend through better attraction and retention of talent.
In addition to our experience in undertaking a cloud-first journey we have announced a US$3B investment to help our clients shape, move, build and operate their businesses in the cloud and realize the cloud’s business value, speed, cost, talent and innovation benefits.
Cloud’s silver lining
In our experience, the following four steps can guide any cloud-first journey and introduce security at speed and scale from the outset:
1. Know your cloud security posture
Rapidly identify gaps and establish a risk-aligned architecture and roadmap for baseline cloud security that optimizes current technology investments.
2. Automate native security
Automate deployment of security guardrails with pre-built accelerators for cloud native services including AWS, Microsoft Azure & Google Cloud.
3. Be proactive with compliance
Optimize detection and streamline cloud security operations. Mitigate risk with cloud service providers (CSPs) to align with regulatory requirements.
4. Employ security monitoring and response
Monitor public cloud cost effectively and at scale using security tools and use cases to address evolving threats and complex regulatory requirements.
Read the original article & full report here. Find out more about Accenture here.
Holland Fintech is proud to present the Digital Transformation Paper 2024. This whitepaper, led by the Holland Fintech working group Digital Transformation in collaboration with Accenture, provides valuable insights into the dynamics and key factors influencing successful collaborations between fintechs and incumbents.
Money 20/20 – Join our Pavilion! The Holland Fintech Pavilion offers a unique opportunity to connect with a global audience of fintech professionals. Located at the heart of Money 20/20, the pavilion provides a central hub for networking, collaboration, and exposure.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Design and deploy base security controls to create secure landing zone on the cloud solution provider platform.
Design reusable cloud solution provider secure PaaS templates with integrated security controls.
Combine the platform and services to bring together existing client enterprise security tools with operational processes and procedures.
Spell out the roles that are authorized to operate in the environment and what they are allowed to do.
Secure connectivity to on-premise data centers and use a “hub and spoke” network security model.
Secure landing zone configuration policies and apply cloud service provider platform security controls.
3. Be proactive with compliance
4. Employ security monitoring and response
