Cloud isn't less secure than on-prem if you are your average software startup or non-tech company, which, for many reasons, is unlikely to go all out on on-prem security. Commodity cloud should be less secure than on-prem, if you are fucking Booz Allen...
>Cloud isn't less secure than on-prem if you are your average software startup or non-tech company
Even that's hard to argue, unless you rely on a fundamental incompetence within that startup or an often-unprovable competence level on the part of cloud providers.
There have been enough cloud-hosting provider security facepalms hitting the front pages now so 'cloud providers are better at security than small shops' is starting to be called out as the blind falsehood it has always been. Fundamentally it has always really been 'We're unable to see what these guys are doing behind the curtain so we'll assume good faith', and little more. The emperor may have clothes, or in many cases has been utterly balls-out naked, but up until now groupthink has been that not knowing = must be secure.
I am biased though, I spend most of my work hours analysing service providers big and small, self-hosted and cloud, and have probably developed a suitably sceptical view in that time.
