I don't personally believe that utilizing Azure, AWS, GCP, or any other cloud vendor suddenly means that organizations don't have to worry about security. While the cloud vendors secure their own infrastructure, they don't automatically secure deployed services or VMs that you build using their services. You still need to have folks ensuring that developers and administrators are building things securely and properly securing utilized services.
You see this a lot with data storage and databases being published on cloud vendors without the proper security in place leading to data exposure. That's really just an example though, at the end of the day the cloud vendors will still let you make things as secure, or insecure, as you "need". They aren't there to actually safeguard what you deploy, they simply provide the infrastructure that you can use to build services.
If anything, I actually think that a lot of organizations that have historically been utilizing datacenters instead of cloud services actually require larger security teams to match the security they used to have on-site. One of the benefits of the old datacenter model was clearly defined DMZs and not having services public by default. Now organizations are deploying things publicly by default when using cloud vendors, don't necessarily have clearly defined VNets, and don't automatically have things firewall'd off as soon as they've deployed things unless they setup policies properly. Add in the fact that you now have developers deploying resources without necessarily having administrators do it for them and you pretty quickly need more "eyeballs" from a security standpoint.
... View more