A cloud is network and tools, less hardware. For example, see this [1] Reddit thread discussing network in Hetzner. Any other bare-metal would have the same challenges. Once you solve network security, you have to deal with server access. People are hired and fired; hardcoded SSH keys are a bad idea. Once you solve access, you likely have AD, LDAP and SSO of some sort. Then backups, and an automated test suite + periodic test recoveries. Then database and backups. Then secrets: do all members of your team know the production DB password? And so on and on.
Maybe TCO still favors bare-metal but you have to spend a lot of time on configuration.
[1] https://www.reddit.com/r/hetzner/comments/rjuzcs/securing_ne...