Yes, it's more work. Yes cloud providers are supposed to save you (some) work. No, it's not unreasonable to expect you to be responsible for the security of your own damn servers.
Cloud providers sell capacity, not auto-magic
Cloud providers aren't there to rent you slivers of utopia for which you can pay by the hour and only for as much heaven as you can use.
They rent you space in their computing environment, exactly as they did when they were just hosting services, or co-location service providers or outsourcing service providers.
When you hired them under those names you knew you were responsible for security on the physical servers you placed with them.
The service providers only promised to provide enough reliable power, Internet bandwidth, basic monitoring of the physical environment and physical security of the building.
If someone got into your servers via telnet, FTP or anything else that didn't involve entering the building, the failure of that security was your fault, not the service provider's.
It's the same thing with the cloud.
Cloud providers rent you preconfigured chunks of computing resource rather than square feet of floor space.
You contract for so much bandwidth, so much CPU power, so much storage, memory, database-server space, access and performance characteristics and any other resources you need to make an application run on someone else's hardware.
They give you secure access to your VMs, build barriers between your VMs and those of other customers and make sure the security around the outside of the cloud environment itself is tight.
If someone enters using a fake ID from your organization, or hacks into your corporate net and then rides your VPN into the cloud and onto your servers, that's not the cloud provider's fault.
If hackers do the same thing to another cloud customer, but break out of their VM cluster and attack your servers, it's partially your fault if the servers are unsecured and you get pwned.
It might be the provider's fault another customer's hackers were able to approach your VMs; it's your fault there was nothing to stop them once they got there.
"Confusion" about how to manage cloud is more about denial than ignorance
Three years after I started writing about cloud computing I was still writing stories about how confused many companies were about cloud computing – what it was, what it could do for them, what they could do with it, how they'd work with anything put in a cloud, what they'd do if anything were lost…a whole series of questions I figured were self-evident to anyone savvy enough to investigate whether they should cloudify some part of their IT infrastructure.