Your cloud provider can only do so much to protect you. They provide physical infrastructure and access; they provide (presumably) secure software for building and administering your virtual infrastructure; they may provide the operating system and other software you use in your virtual machines. But they don't relieve you of your own security responsibilities.
Both you and the provider have responsibilities. This is called the Shared Responsibility Model. Amazon Web Services describes the distinction as AWS being responsible for security "of" the cloud, and the customer having responsibility "in" the cloud.
AWS secures the global infrastructure: availability zones, edge locations, and the basic facilities of compute, storage, database, and networking. AWS also provides services like global DNS (called Route 53), which helps eliminate one common target of cyberattacks. With Route 53, AWS assumes responsibility for DNS server security, as well.
The customer is responsible for managing all aspects of their environment in the public cloud. This includes elements such as networking configurations, access control rules, encryption usage, and so on. More important to understand - the customer is responsible for the protection of their applications and data, regardless of whether they are using [basic] cloud-provided services and features or [more comprehensive security] available from third parties, like Palo Alto Networks.
This shared responsibility model can't really work any other way. If your systems are properly secured, then the infrastructure provider will have no visibility into your data and programs. With few exceptions, all they will see is encrypted data. Their job with respect to security is to protect the physical infrastructure, administrative systems, and the integrity of the cloud itself, that is, to protect customers from each other. Optimal protection for your systems and data requires knowledge and control of those systems and data. This must be the domain of the customer.
Cloud providers invariably claim their data centers are more secure than yours. It is likely they are. For this reason, it is tempting for customers to overlook their responsibility - that of protecting the apps and data they deploy to the cloud. The reality is this: Unless you take necessary steps to protect your applications and data in the public cloud, you're putting your business at risk. Put differently, you should protect your applications and data in the public cloud with the same level of diligence used to protect your data center.