“Great news, team: We’re moving to Amazon Web Services. We’ll get all of our services there, including data, compute, governance, and security.”
When you hear that, don’t just think, “Great, we’re done.” That last item is where the danger lies: Security can’t stop where the public cloud ends, and security can’t stop inside your datacenter. Security needs to be overreaching and systemic to all platforms, both cloud and non-cloud.
And that means no matter how good the security is of your cloud provider (and it is typically quite good), you still have to manage the overall security because nothing exists solely within the cloud. At the very least, you have endpoints to consider, and very likely your datacenter.