Skip to main content Skip to footer
Cloud Security

How security guides your path in the cloud

June 22, 2022

RESEARCH REPORT

In brief

  • Accelerated cloud adoption exposes organizations to new business risks—especially when it comes to security vulnerabilities.
  • Organizations must be ready and agile enough to secure their existing technology footprint, while being prepared to manage what lies ahead.
  • On any journey, if cloud as a continuum of capabilities is the map, security is the compass that guides organizations to navigate more effectively.
  • Our point of view explores challenges and common routes taken on the cloud journey and how security can manage risks and enable business outcomes.

Flexing security

Many organizations have recognized they need flexible, scalable networks made possible by the cloud. New cloud-based technologies offer opportunities to drive innovation, automate and pursue new growth—or simply save money and be more efficient. And there’s an urgency to be ready with cloud as a continuum of capabilities to fulfill the promise of digital transformation.

Yet, accelerated cloud adoption also exposes organizations to new business risks—especially when it comes to security vulnerabilities. Organizations need to balance the security needs of today with those of tomorrow. They should secure their existing technology footprint, while being prepared to manage what lies ahead—wherever they are on the cloud journey. Security teams should be agile and aligned with the business to be ready to protect their organizations and take advantage of cloud opportunities.

30%

of CISOs said they don’t have the skills needed to move into the cloud.

Security blind spots

Security teams need to recognize where their organization is on the cloud journey, yet they are hampered by:

  • A security culture shift. As network security adopts a zero trust approach, a pivot from direct control to shared responsibility is needed—demanding a culture shift. Security actions should keep pace with the ever-changing context of an evolving cloud journey to avoid new risks.
  • A scarcity of skills. Current resources are being asked to do their jobs in new ways which introduces new skill requirements. What’s missing is resources with security domain expertise and cloud technology skills, such as software engineers who have skills in identity and access management. Upskilling existing resources and adding new skills are needed to make full use of a Cloud Continuum approach.
  • Software automation advances outpace security. As cloud initiatives trigger advances in software automation, traditional Software Development Lifecycle management has become more agile. Security must keep up with capacity demands and the only way to achieve that is through automation. Increasing software automation requires the same from security capabilities to secure emerging services on cloud platforms. Unfortunately, skills and capacity in the security domain lag these software automation advances.
  • An inability to balance resources. As organizations open the door to new technologies, the stress on existing security resources and capabilities can introduce new vulnerabilities. CISOs must adjust multiple levers to manage their cloud journey—including technology, resourcing and strategic partners.

Choosing your route

While we recognize that there are a range of approaches that can be taken, the following routes represent the two ends of the spectrum commonly considered when moving to the cloud. Each route has different implications for how security teams steer progress on the cloud journey.

Sees the cloud journey through an incremental, tactical lens—less up-front investment, more cloud native approach, fast-tracks innovation. Security capabilities may be predominantly extensions of an existing ecosystem. 

Cloud journey

Move to a primary cloud provider in a SaaS, IaaS and PaaS environment to expand footprint.

Security focus

Optimize integration and incremental change, with security that adds to your existing tool suite; work in native environments and infuse that into tools your teams already know; involves software engineering policy as code (DevSecOps).

Sees the cloud journey through a transformative, strategic lens. Security capabilities may be more transformational in terms of moving security networks to a zero trust approach. 

Cloud journey

Move to a hybrid/multi-cloud environment; more complex but provides longer-term resilience.

Security focus

Disrupt and modernize complex systems; take on more strategic, forward-looking activities, such as adopting zero trust to transform the network security approach; initiate talent and culture shifts and changes to underlying security architecture.

For both routes, employ identity management and data security. The degree of complexity depends on which route is selected.

Security is the compass that helps guide effective decisions along the cloud journey.

Use security as a compass

Three considerations when using security as a compass to ease the cloud journey include:

Align security with the business

Make sure that CISOs and their security teams are deeply aligned and instigate business outcomes using security as the enabler to drive the cloud journey.

Take Action: Accelerate application and data migration; evaluate/rebalance the appropriate skillsets; make sure data is appropriately permissioned; demonstrate that what has been built meets regulatory demands.

Be secure by design

Use technology as a lever to integrate and automate security solutions and steer toward a cloud native architecture.

Take Action: Test the technology being used for its current security posture; take advantage of a cloud native security architecture and services to free up staff for higher priority cybersecurity activities.

Lean in to your ecosystem

Pause along the journey to engage with your strategic vendors and security peers and benefit from insights and industry expertise

Take Action: Reach out to your ecosystem, including other CISOs and vendors, to hear how they’re dealing with common challenges; anticipate skills demands by building new communities of technical or managed service experience.

Cloud security can enable better business outcomes by being:

  • Fast: Use cloud service provider native accelerators that enable security capabilities and controls to be deployed in minutes or hours, rather than months.
  • Frictionless: Embed security into existing solutions, business processes and operational teams.
  • Scalable: Apply automation and self-healing processes to reduce manual steps and break the resourcing model of adding headcount to enable organizations to scale.
  • Proactive: Establish pre-emptive controls to block accidental or malicious security incidents from happening in the first place.
  • Cost effective: Bake in security from the outset to avoid the additional costs incurred by having to re-do work.

In our own business we have been able to reduce build costs by 70%, cut in half the average time reduction to go-live operations and reduce run operations costs by 20% to 40% compared with our legacy approach. The Accenture cloud-native focused security offerings include:

  • Workforce and team strategy to optimize the current onshore-offshore operating model.
  • Smart working using Infrastructure as Code reduces employee travel to client sites and deployment lengths.
  • Digital ways of working to drive collaboration, innovation, flexibility and value-driven purpose.
  • Reduced talent acquisition spend through better attraction and retention of talent.

In addition to our experience in undertaking a cloud-first journey we made a US$3B investment to help our clients shape, move, build and operate their businesses in the cloud and realize the cloud’s business value, speed, cost, talent and innovation benefits.

Gretchen Myers

CLOUD SECURITY PRINCIPAL ACCENTURE SECURITY

Related capabilities

Secure cloud

Working with partners to help accelerate resilience in the cloud.

Cloud services

Get to value faster with Cloud first.

Security

Wherever your business goes, whoever it works with, you need cybersecurity that covers it all.