Cloud Security Alliance Research Reveals Relationship between Security and Innovation

Research sponsored by Expel provides surprising insights into shifting cloud security strategies and trends

Press releases · Cole Finch

Herndon, Va., August 3, 2023Expel, the security operations provider that aims to make security easy to understand, use and improve, today unveiled a new report, “Security-Enabled Innovation and Cloud Trends” by the Cloud Security Alliance (CSA). The report, commissioned by Expel, showcases the results of research aimed at gaining a deeper understanding of several critical areas of innovation and cloud use trends. More specifically, the research was designed to:

  • Understand security professionals’ current views on their organizations’ relationship with security and innovation
  • Identify actual and predicted outcomes from security-enabled innovation
  • Examine cloud use trends, such as multi-cloud environments, containers, and movement between cloud and on-prem

“The survey findings paint a complex picture of the current IT landscape, where organizations are constantly striving for balance and optimization, navigating challenges, and adjusting their strategies based on a variety of factors,” said Hillary Baron, lead author and Senior Technical Director for Research, Cloud Security Alliance. “Today’s enterprises place a premium on adaptable, scalable, and portable solutions, and only by fostering a shared understanding of the strategic role of security, leveraging the benefits of multi-cloud environments, and carefully considering the potential challenges and trade-offs will they be able to successfully traverse today’s ever-changing digital landscape.”

Below are some of the insights uncovered by CSA’s research, including attitudes about security and its relationship with innovation, the benefits and challenges associated with multi-cloud use, and the surprising data that indicates organizations are migrating workloads from the cloud to on-prem.

The C-suite and staff view security as an enabler of innovation, but are disconnected on the extent of that vision
In general, respondents reported that organizations have a positive attitude towards security and its role in innovation. These organizations prioritize security during product development and regard it as a competitive advantage, as well as critical for nurturing a culture of innovation. However, the results indicate a disconnect in attitudes between C-suite leadership and security staff. Leadership sees security as a critical part of product development and cloud strategy, but security staff doesn’t see the impact it’s making on innovation.

Multi-cloud adoption brings strengths but also cost and resource management challenges
A majority of organizations surveyed (71%) are using a multi-cloud environment, mainly to leverage the strengths of different providers, improve performance and latency, enhance resilience and disaster recovery, and reduce vendor lock-in. But those perceived benefits come with challenges, as well. Respondents said their organizations have difficulty managing costs and resource allocation in multi-cloud environments, and struggle to integrate or orchestrate multiple cloud service providers (CSPs).

Migrating cloud workloads back on-premises is a growing trend
The research showed the surprising trend that more than half of organizations (59%) moved workloads back on-premises from the cloud, with most of these transitions taking place within the past 12 months. This implies a shift in organizational IT strategies, which could be attributed to changes in work arrangements following the COVID-19 pandemic.

“This research not only revealed the drivers behind many cloud security trends, but also provides organizations with intel for shaping strategic decision-making going forward,” said Greg Notch, CISO, Expel. “As we’d expect, security is helping drive innovation, so security teams should continue to make sure they have a voice early in the development process. At the same time, security will once again need to adapt to the evolution in how workloads are deployed and orchestrated, whether it is on-prem or in the cloud. These challenges present significant opportunities for security to have an impact in their respective organizations.”

Download the “Security-Enabled Innovation and Cloud Trends” report, and register for CSA’s webcast, A Cloud Crossroads: Trends to Know in Innovation, Multi-Cloud, and Kubernetes, to hear more about the research results.

To learn more about how Expel helps secure cloud environments, visit our webpage, set up a conversation with our team, or visit our booth (#1681) at Black Hat USA.

Expel is also offering a free trial of Expel® Managed Detection and Response (MDR) for Cloud Infrastructure. Sign up for the trial to get full access to Expel’s security operations platform, Expel Workbench™, where participants can onboard a lab or real environment of Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure, and trigger a test incident to see how Expel protects customers’ cloud infrastructures.

The CSA conducted the research in May 2023, and received more than 1,000 responses from IT and security professionals of various sizes and locations.

About Expel
Expel helps companies of all shapes and sizes minimize business risk. Our technology and people work together to make sense of security signals—with your business in mind—to detect, understand, and fix issues fast. Powered by our security operations platform, Expel offers managed detection and response (MDR), remediation, phishing, vulnerability prioritization, and threat hunting. For more information, visit our website, check out our blog, or follow us on LinkedIn or Twitter.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

Loren Guertin
Matter Communications on behalf of Expel

Amy McRitchie
Harvard on behalf of Expel

Resources home