And yet we rush to the cloud, increasing our attack surface to an unimaginable degree.
The basic problem is two fold. One, the whole problem is far too complex. Developers pile complex systems higher and deeper and laugh madly at the tangle, rushing blindly to pile even more systems into the mix that were never designed to work together. At the same time ignoring the fact even one flaw can destroy the whole thing.
Kind of like the pressure hull on a submarine, really.
Second, NO ONE knows how security works. Or, more precisely, we have no idea how to implement security in a simple manner. In security complexity is lethal. It's far easier to secure a single locked room than it is an entire city.
We cannot solve the current security Gordian knot. We have forgotten KISS and until we fundamentally change our approach we never will.