> One of the top cloud companies who everybody assumes are supposed to have security and security experts beyond what you can deploy, which is one of the main reasons given for why you should move to cloud deployment,
I’d say your assumptions are wrong there. Security is not one of the main reasons for moving to the cloud. It’s not even _a_ reason to. Delegating responsibility for security might be cited as a reason but that’s not the same as saying the cloud is “more” secure. That’s just saying you are you don’t want to pay for security yourselves. Which is a whole different thing to what you’re claiming.
You’re conflating sales pitches with actual business decisions that management make. I’ve been on the decision making board for a few companies and the pragmatic reality is the only time people cite security as the reason for moving to the cloud is when:
1. They’ve lost all their sysadmins / security staff and thus need to outsource that governance
2. When they’re looking to delegating responsibility (ie say to the customers “it’s an Azure issue, they’re fixing it”).
In both instances it’s not about Azure / AWS / GCP being more secure, it’s about _WHO_ owns the responsibility for securing.
The difference is important.
More often the actual reasons for migrating to the cloud are cited as cost saving (which is often misunderstood too but that’s another topic) and quicker deployment times (this is probably the strongest valid argument in my opinion)
I’d say your assumptions are wrong there. Security is not one of the main reasons for moving to the cloud. It’s not even _a_ reason to. Delegating responsibility for security might be cited as a reason but that’s not the same as saying the cloud is “more” secure. That’s just saying you are you don’t want to pay for security yourselves. Which is a whole different thing to what you’re claiming.