This isn't always true. Using a SaaS is outsourcing these concerns, and sometimes you're outsourcing them to someone who will do better than you would and sometimes worse. I've worked on a couple of SaaS where security was absolutely not top priority. Especially in Silicon Valley, organizations often value growth over sound processes, fully staffed security teams, and managing tech debt. Many a SaaS has leaked customer data and survived, so many think they CAN allow that risk.
I didn't say that it is always the case. The same argument you use can be used to talk about companies who are going to self host Confluence.
I agree that a lot of Saas startup are going to neglect security. But here we are talking about Knowledge base tools Saas companies. This is not some standard Saas company. They know they are in charge of company internal secrets. Or at lest I hope
Any time a SaaS gets compromised there's a similar comment here about how obviously this is going to happen when you give someone else your data, and it should have just all been within your own firewall, unexposed directly to the Internet.
I mean right this minute there's a privacy-focused SaaS on the front page for not being as private as everyone thinks. There's also a network hardware vendor on the front page for including back doors. A philosophy like "SaaS vendors know they can't allow security breaches" is really glossing over the need for layers of security and knowing that it's ultimately all on the trustworthiness of specifically who is involved.
If you can afford to not expose it to the internet obviously you are going to have better security. But this is not always desirable talking about wiki software.
I can't disagree with you. But you can either deny that the average Saas is more secure than a forgot Confluence internal servers exposed to the internet
