@Ashwani_Paliwal Some good points, but how many actually read and understand the Shared Responsibility Model, which every Cloud Provider has on their web sites? Which is part and parcel of the contract one signs with the provider. This is also tied to the SOC2 Reports, which are required to provide assurance the cloud providers are protecting their infrastructure, systems as well as the clients.
Then use the NIST Cybersecurity Model and compare their Shared Responsibility Model, and then you really appreciate the real gaps and responsibilities - far more than a client originally thought in reality. It is quite eye-opening in some circumstances, depending on the client's experience and knowledge.
Which is another reason for getting an independent Cloud Posture Security assessment service conducted regularly, and do not depend on the cloud provider's own statements, including the SOC2 report - according to auditors it must be independently conducted regularly, by a provider independent of the cloud provider.
The other side of the coin is the number of mistakes clients actually make in configuration of systems, which the client is responsible for in many cases, including networks, virtual servers, storage etc. They must appreciate that the Cloud Provider provides the infrastructure and services such as storage, security, logging, but the client is ultimately responsible for their configuration.
The client may be advised by the cloud provider, but it is like taking a horse to water, the horse may not drink!