> I can tell you that neo clouds (generally) do not see security as a high priority—or often, even their responsibility.

AWS explicitly spells this out in their Shared Responsibility Model page [0]

It is not your cloud provider's responsibility to protect you if you run outdated and vulnerable software. It's not their responsibility to prevent crypto-miners from running on your instances. It's not even their responsibility to run a firewall, though the major players at least offer it in some form (ie, AWS Security Groups and ACL).

All of that is on the customer. The provider should guarantee the security of the cloud. The customer is responsible for security in the cloud.

[0] https://aws.amazon.com/compliance/shared-responsibility-mode...