DevSecOps: Accenture begins transforming the way we deliver our IT solutions for more agility, higher quality, and innovation
Andrew Wilson
Chief Executive Officer | Board Director | Mission Critical Operator | Digital Transformer | Business Strategist | Visionary Leader
This is a busy and exciting time for Accenture’s internal IT organization. We are always moving with as much agility as we can to be in the New now. One of our many initiatives currently underway is our shift to a new way of delivering information technology.
We are undertaking a development and operations transformation with a focus on optimizing the collaboration between those two capabilities, and embedding security in the process. Development, Security and Operations (DevSecOps) converges application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. In our view, it is a culture, process and technology model to enable more agility, higher quality and more time spent on innovation.
Our move to DevSecOps looks to replace administrative efforts in security and operations. Doing this will allow our internal IT teams to be more agile and engage in more interesting and innovative solution work. For us, it is the next phase of building on prior phases of maturing our development, operations, and automation capabilities.
A multi-year journey
To be sure, shifting an IT organization the size of Accenture’s to DevSecOps will take time. We see it as a multi-year journey. We are in the early stages of our journey, which is focusing on defining the vision and laying the road map of moving development and operations capabilities into the New. Our vision of DevSecOps is to provide a consumable, seamless, automated process that ensures compliant delivery within Accenture guidelines—essentially, delivering more capability to the business more quickly that is secure from the start.
The approach taken to date to achieve the desired outcomes consists of four main steps:
- Defining the outcome and vision of DevSecOps in a measurable and objective way.
- Assessing Accenture’s platforms and delivery teams’ ability to move to the DevSecOps model.
- Building platform technical enablers and automation.
- Transitioning teams to run in a DevSecOps model versus the old model of development separated from internal IT Operations.
A cultural change above all
The delivery and maintenance of our DevSecOps capabilities are being transformed through processes, tools, and, most importantly, a significant cultural change. Teams will be transitioning from siloed development and formal hand-offs of code to operations to transitioning to be service-oriented, involving having accountability for end-to-end delivery of a service. This new DevSecOps model is often described as a “you build it, you run it” and “I own the service, it’s my business” type of approach. It’s an agility play, a quality play, and a change in culture. It’s a big—and exciting—change.
Foundational principles: agile delivery and automation
DevSecOps relies on two foundational principles for delivery: the agile framework and extreme automation. Agile delivery, in a DevSecOps context, allows teams and organizations to run hypothesis-driven development before investing large amounts of time and money. Automation directly enables the agility and quality goals of the vision by replacing administrative and manual work. This approach also taps into Accenture’s internal IT vision for IT in the platform economy, where new capability is brokered as a service rather than planned and delivered in legacy form.
Performance shift in agility, quality, and culture
DevSecOps is an enabler that delivers automation, repeatability, agility, security, and speed across the entire life cycle. While our DevSecOps journey is in the early stages, it is notable in that we are aiming to perform DevSecOps at Accenture’s complexity and scale. This is in contrast to how it typically is performed at small scale.
Over the next several years, our internal IT will be focusing on significantly shifting performance in the key areas of agility, quality, and culture. We will be looking at achieving such objectives as delivering capabilities more quickly and securely, increasing the number of deployments per day, further decreasing change failure rate, and enabling teams with end-to-end autonomy. Our aspiration is to transform the delivery of our internal IT’s DevSecOps capabilities so that they drive increased value for Accenture resulting in faster delivery, improved quality, and more innovation.
And your organization, how it is using DevSecOps? I’d like to hear about it.
Andrew
Related Material: Bringing DevSecOps Home Credential
You can follow me on Twitter at @andrewxwilson.
Andrew Wilson is the chief information officer at Accenture.
Managing Director, Gesch?ftsführer, CRO, EMEA VP Sales Leader | Cyber Security IT & OT | SaaS | AI LLM | Cloud Services & MssP | App Sec | Smart Buildings | EMEA Expansion / Ramp-up | Experienced in Private Equity Exits
5 年a nice and interesting article Andrew. thank you
Security Executive
6 年Iwan Schuurman Folkert De Boer Suyi G. Amit Sharma
Software Development Security Expert ?? | Looking for new talent at Cyberella ?
6 年Hi Andrew, we have been advising our Dutch enterprise clients for some time now on DevSecOps. Would love to have a chat on your view for Accenture. Let me know if this sounds interesting to you!
Business Transformation Director
6 年I can see how the “you build it, you run it” approach works. Andrew, it would be interesting to learn how you choose measure the success and feed that back into the teams to evolve the change. ?
Head of Projects and Programmes at Telstra Purple EMEA
6 年This is well worth a read. Putting ‘Sec’ in the middle of DevOps almost makes it palatable... also, I could challenge some of it, but what can’t be challenged is the right to opinion of an internal IT organisation supporting a global workforce of over 500k!