While a public cloud provider, like Amazon, secures the datacenter and network, application owners are still responsible for securing their applications and virtual machines (instances).
When you host applications in the public cloud, you assume partial responsibility for securing the application. The cloud provider, for example Amazon Web Services (AWS), secures the physical data center (with locked badge entry doors, fences, guards etc) in addition to securing the physical network with perimeter firewalls. This is no significant change from how you secure your corporate datacenter.