The way businesses perceive their security teams has shifted over the past several years. Security and IT departments are increasingly being asked to justify security investments and organizational leaders are beginning to recognize that security is an enabler for competitive advantages, especially in product development and cloud strategy. Despite this acknowledgment, recent research conducted by the Cloud Security Alliance (CSA) reveals that security teams and the C-suite don’t always have a shared vision for execution.
The CSA research reveals a number of other notable trends, including that a surprising number of businesses are migrating workloads back on-premises—even as multi-cloud environments grow more common. As the digital landscape becomes increasingly complex and interconnected, businesses are moving away from pre-defined roadmaps and discovering unique ways to navigate the challenges specific to them. That said, misalignment between security teams and business leaders has the potential to derail this progress. Improving internal communications and collaboration should be a top priority for today’s organizations.
Businesses Are Returning to On-Premises Solutions
For years, it felt as though businesses couldn’t move operations to the cloud fast enough—and while the cloud certainly isn’t going anywhere, a surprising number of businesses are moving their workloads back on-premises. CSA’s research showed that 59% of organizations have moved workloads on-prem and away from the cloud, primarily citing performance optimization and lower latency needs. Nearly two-thirds of those businesses (65%) indicate that a change in business strategy or direction is behind the decision to bring those workloads back in-house, underscoring that businesses see a mix of cloud and on-prem workloads as better suited to their specific requirements.
This makes sense in a post-pandemic context: organizations were forced to rapidly embrace digital transformation amid the COVID-19 crisis, which necessitated a shift toward remote operations and the cloud. As a growing number of businesses transition back to in-person work, many are seizing the opportunity to bring their workloads back on-prem. Interestingly, this movement hasn’t necessarily come at the expense of the cloud—most businesses are still operating with one or more cloud environments. Instead, they are seeking ways to optimize their operations, leveraging both cloud and on-premises solutions where appropriate.
The Double-Edged Sword of Multi-Cloud Adoption
To this point, 71% of organizations now indicate that they use two or more cloud environments, highlighting the growing trend of cloud diversification. Organizations turn to multiple Cloud Service Providers (CSPs) for a number of reasons, but the most common include leveraging the varying strengths of different providers, improving performance and reducing latency, enhancing resilience and disaster recovery capabilities, and reducing the problem of vendor lock-in. These businesses are not engaging multiple cloud partners by accident—79% say that their multi-cloud approach is the result of an intentional business strategy.
Unfortunately, a multi-cloud approach also brings challenges. Sixty-one percent of respondents reported that it was difficult to manage the costs and resources needed to maintain a multi-cloud environment, and 57% reported that integrating multiple CSPs could be a problem in its own right. Unsurprisingly, businesses also report that establishing consistent security and governance policies across multiple cloud platforms can be a challenge, especially from a cost perspective. This challenge is even greater when one of those cloud choices is on-premises infrastructure. While these drawbacks must be weighed against the clear advantages that multi-cloud environments offer, they serve as an important reminder that businesses should weigh their specific needs before committing to a cloud strategy.
Security and the C-Suite Aren’t Always on the Same Page
Perhaps the most revealing finding in CSA’s research was the ongoing disconnect between security teams and business leaders when it comes to cloud security and its impact on innovation. While 43% of executive and C-level respondents indicated that they believe security is prioritized and strictly enforced during product development, just 27% of security staffers felt the same. Similarly, half of executive and C-level respondents felt that security is prioritized during cloud strategy implementation, compared to just 31% of security team members. It is clear that business leaders feel they are prioritizing security in a meaningful way—and equally clear that security team members often disagree.
This disconnect will need to be addressed to business and security leaders to move forward with a unified voice. This will require better communication and collaboration. Business leaders need to be able to generate buy-in among security staffers by helping illustrate the impact of their work, while security teams need to level up their ability to articulate risk in terms of business outcomes and be able to convey their needs and goals in ways that leadership can understand. It’s clear from CSA’s research that business leaders already consider security to be a priority, and improved communication can help them understand how to ensure their actions line up with that vision.
New Cloud Trends Mean Better Communication Is a Must
The fact that today’s organizational leaders recognize the correlation between strong security and robust business operations is encouraging. As the adoption of multi-cloud environments continues to expand, a strong cybersecurity program will only become more important—and as some organizations pivot back to on-premises workloads, security teams will need the resources to protect their evolving network infrastructure. Improving communication between the business and security sides of the organization is the first step toward solving this problem and ensuring that goals and interests are aligned throughout the enterprise.
He’s been doing the security and tech thing for over 20 years — helping companies large and small through all three dot-com booms to build high-performing engineering teams and improve their technology, process, and security. Before Expel, Greg spent 15 years as the CISO and Senior Vice President of Technology at the National Hockey League (NHL), where he led their information security program. He also led the league’s technology strategy, digital transformation, and cloud initiatives. Prior to the NHL, Greg worked on infrastructure, security, and software systems for Apple, Yahoo Search, eMusic, and several other NYC-based tech startups.