I don't need an MBA to understand that any data I copy over the internet onto a server of someone else - is no longer my data - can't be more secure than an "air gap" copy - can't be copied faster than local cloning of storage media - is vulnerable to internal malicious actors in the third-party provider's domain, over which I have no influence and no control. Furthermore, I think that MFA was only conceived in order to reverse the blame, in the sense of “It's not the hacked company that is to blame, but the user who made a mistake with MFA”.