Transforming its initial security challenges into a streamlined compliance process. The company’s cloud journey, starting in 2015, led to a significant expansion of its cloud footprint from 9% to 90% for all business applications within the first year. However, as the complexity of cloud security increased across numerous accounts and a multi-cloud environment, Accenture faced challenges in keeping up with the rapid pace of development.
Initially relying on a bespoke security approach due to the lack of readily available security cloud solutions, Accenture eventually realized the need for a more efficient and scalable process. The company addressed this challenge by centralizing its cloud control development, creating a virtual cloud controls factory in collaboration with Palo Alto Networks and adopting Prisma Cloud. This lean process involved five virtual departments, including research and development, production, quality assurance, shipping and receiving, and customer service.
Drawing inspiration from The Toyota Way, a management philosophy based on 14 principles, Accenture applied manufacturing-style principles to industrialize its cybersecurity control production. This included continuous improvement involving all stakeholders in the cloud security compliance process, building strong relationships throughout the supply chain, and standardizing controls for efficiency.
Since implementing the cloud control factory and Prisma Cloud, Accenture has achieved significant results, including doubling the number of certified services each month, an 84% increase in release controls in a single year, and a 50% reduction in the time between releases. The company has also streamlined business operations, reduced incident response and remediation efforts, and paved the way for future automation of security processes.
By adopting this approach, Accenture’s developers can now focus on solving business problems and innovating without the burden of extensive security considerations. The cloud control factory ensures faster approval of cloud objects, allowing developers to work more efficiently while the security team remains in the background, ensuring compliance and security without hindering development progress.