> easy to setup different permissions for users (authorisation considerations)

Centralized permission management is an advantage of the cloud. At the same time it's easy to do wrong. Without the cloud you usually have more piecemeal solutions depending on segmenting network access and using the permission systems of each service

> able to transfer assets to another owner (e.g., if there's a sale of a business) without needing to move physical hardware

The obvious solution here is to not own your hardware but to rent dedicated servers. Removes some of the maintenance burden, and the servers can be moved between entities as you like. The cloud does give you more granularity though

> other outsiders (consultants, auditors, whatever) can come in and verify the security (or other) of your setup, because it's using a standard well known cloud platform

There is a huge cottage industry of software trying to scan for security issues in your cloud setups. On the one hand that's an advantage of a unified interface, on the other hand a lot of those issues wouldn't occur outside the cloud. In any case, verifying security isn't easy in or out of the cloud. But if you have an auditor that is used to cloud deployments it will be easier to satisfy them there, that's certainly true