Unfortunately, it was a problem that Burkhardt admits that not one — not even him — saw coming. “When you no longer have to plan to procure the right size hardware or, when you no longer have to think about capital investments and you can go at pace and pick whatever VMs you need, whatever cloud objects you need at the speed and scale that you can achieve intentionally or unintentionally is incredible,” he says. “Securing the size of that and really understanding how to keep up with all that inventory, it was I think a challenge that nobody really understood was going to happen.”
Simplifying security through centralization
Once it realized the problem was only mounting, Accenture investigated potential solutions it could adopt to allow the company to streamline its entire cloud security compliance process and sustain it for the long term. The solution it adopted was a new lean process involving a partnership with Palo Alto Networks, one of Accenture’s long-term go-to-market partners, and the adoption of Prisma Cloud.
Accenture developed a virtual cloud control factory to support five major, global cloud infrastructure providers and enable reliable inventory; consistent log and alert delivery to support security incident detection; and predictable, stable, and repeatable processes for certifying cloud services and releasing security controls.
The factory features five virtual “departments”. There’s research and development, which performs service certification, control definition, selection, measurement, and continual re-evaluation; the production floor designs and builds control; quality assurance tests the controls; shipping and receiving integrates controls with compliance reporting tools; and customer service provides support to users after a control goes live.
“What we decided to do was centralize that cloud control development, get all the needs into one place, start organizing them in a way that we could run them through a factory and get them out there so people can use common controls, common architecture that had a chance of keeping up with [our engineers’] innovation sitting on top of the [major cloud platforms’] innovation,” Burkhardt says
Shaping security controls The Toyota Way
The decision to streamline its security controls follows The Toyota Way (TTW), a management philosophy based on 14 principles. Accenture has used it to help define the processes and tools necessary for its controls and cloud security compliance.