The cloud has a shared responsibility security model. Below a certain line is the responsibility of the cloud provider and above it is the responsibility of the account owner. For Cloud Native Architecture, this line is drawn much higher. As a result, more responsibility is shifted to the cloud provider, because more capabilities are delivered by the cloud provider.
Below this shared responsibility line are state of the art data centers, a highly skilled workforce, secure services, and a culture of security and security innovation that is driven by fierce market competition. It is arguably very difficult to reach this level of security when the core competencies of your business lie elsewhere.