Hosting trade secrets on a cloud-based service, where any Asana employee can monitor your activity, where Chinese hackers (yes, that fear-mongering term actually applies here) can get to your trade data, pre-copyrighted/patented ideas, etc., is a terrible idea.
If they sold the software maybe you could host it on-site, but having this on centralized servers with many other companies is incredibly risky and generates a huge target.
What makes you think you're going to be able to secure your snowflake instance of Asana in a heterogeneous environment better than they can, where the costs of getting it wrong are the death of the company?
An effort to break into a large cloud company storing thousands of interesting accounts has a bigger payout. Attempts to attack such a service will be made more often and with more sophistication than attacks on a smaller company only having one set of potentially interesting secrets.
If your company really values its corporate info so much, it likely already has policies and expertise to secure its own servers. If not, maybe a cloud instance is safer.
I don't know if Sandstorm.io has an app like Asana specifically, but they have a pretty good Trello-like app and I think it fits the criteria pretty well for mostly painless self-hosting.