In the public cloud, the provider takes care of the security of the infrastructure. The provider has IT security specialists who secure the systems. Companies often do not have enough IT staff to do this.
Nevertheless, most public cloud providers give no guarantee that no data will be lost. So how do you recognize a secure cloud provider? A trustworthy provider can show security certificates such as ISO 27001. A good indicator is if the data centers are operated in Germany or the EU. The provider is then obliged to comply with EU or German law.
With public cloud storage, the user is responsible for configuring the storage setup and applying the security guidelines. This requires internal knowledge and regular training. If policies are not applied consistently, this leads to exposed buckets and data.
When you store your data locally on a NAS, you know how and where your data is stored and have full control over it. The data is not shared with third parties, such as a cloud provider.
But with full control comes full responsibility. You must ensure that your data is stored in compliance with the law, is not lost, and is protected from cyber-attacks.