The goal of security management is risk management. Migrating business workloads to the cloud does not automatically reduce security risks or shift all security responsibility to the cloud provider.
Cloud security operates on a shared responsibility model. The cloud provider secures the cloud platform and provides security capabilities to its customers. The customer, in turn, builds a security architecture to protect their applications and business workloads, using the cloud provider's services or atomic capabilities.
As cloud adoption accelerates and the cost of network attacks continues to decrease, security measures often lag behind the pace of business development. Therefore, plan and design your security architecture at the start of your cloud journey, rather than securing your business workloads after they are already running.