[abel212]

My company recently dropped our in house data center and moved almost entirely to AWS. We had a few reasons; we just don't have the multiple data centers to gauruntee uptimes. Our product isnt data security so our limited staff can't keep the data as secure as AWS whose entire business is around security. And we just got to a point where it was cheaper to host on AWS than just to maintain our own data center. I hope that offers a little insight

[takeda]

I don't think moving things to AWS makes things more secure by default. It is actually easier to create services in AWS or GCP (never used azure) that are publicly open than implement proper security (I remember specifically RDS defaulting to public IP unless you set up private subnets, same with GCP SQL (although they blocked all access but default, though once again it is easier to unblock it for all than e.g. using their proxy), GCP VMs automatically get public address unless you explicitly disable it, don't remember EC2 but I think it was similar.. So the argument of not needing to have someone who knows about security is a good one. You need that person as much (if not more) with public cloud.