This might have been true 10-15 years ago. But I've worked at plenty of places that store/process confidential, HIPAA, etc data in the cloud.

Most company's confidential information is already in their Gmail, or Office 365.