How often have you been told you can't use a mainstream public cloud provider? Quite often, probably, especially if you happen to work in a regulated industry like banking or healthcare. And what justifications are you given? The regulator "won't let you," no doubt? That's a good one. And "it's not secure" is often pretty close behind. Either that, or the argument that generic public cloud infrastructure can't possibly meet your very special, very unique, very carefully crafted mix of requirements?
Sadly, despite the frequency with which they're trotted out, these attempts at justification stand a pretty good chance of being either hearsay, or just complete nonsense.
It's easy not to change, and to justify your inertia with reference to the scary, punitive, hopelessly luddite regulator. It's easy to continue lovingly polishing the hideously complex snowflake your internal computing environment has become. It's far harder to look at the truth behind the hearsay, and to work out when doing something different might — or might not — be the better approach for your business, and its effort to win, serve, and retain customers.