I don't think the DDOS argument really stands up on one of the big three cloud providers, they have built-in mechanisms to deal with that kind of attack, probably more than you're actually aware of. Also if your employees are losing access to the cloud you should probably look at having multiple VPN tunnels...Sorry, but in 2017 I'm tired of reading old school sys admin comments that are anti-cloud, for which their are plenty of on the register.
The cloud is as good as your architect makes it.
Biting the hand that feeds IT
