Wyomingknott, I'm right there with you, and have written about this topic many times. In 2014 I was outsourced because of a company called Emphasys, largely for going against the CIO's love of outsourcing and new wave cloud hysteria (all surveys show both cost more than in-house solutions over time). But when a CIO spends every waking hour trying to conjure artificial up front cost savings so she can grow her bonus and profit sharing structure, it turns out to be a losing and career ending battle for those standing in opposition.
The first year that cloud services saw large corporate migration there were billions of dollars of corporate data loss (I used to have the Gartner, Bloomberg and MIT tech reports on the topic). Our company was the third largest patent holder in the world, and beyond the successes of our product offerings, we thrived from our IP. My anti-cloud chants and professions of Chinese, Russian and Indian hacking were always met with figurative pat on the head dismissals. The last 6-7 years have proven out my position and the obvious.
Any promised or even proven security measures are about to be relegated to the dumpster of eternity thanks entirely to FVEY (Five Eyes). These 5 country/nation states have demanded privately accessible back doors to all programs and security protocols under threat of legislative action, punitive financial action, loss of license and "more" (the government's way of saying we can do anything we want).
In short, as long as programs are written by people, hacking, Russia, China, India and the NSA are involved, no program or security protocols will protect our data, or interactions with and between computers.