Are you trying to tell us the CEO should log in three times a day just to make sure those passwords have not been changed? It happened to me when organizations asked me to help and provided me with two or three written-down passwords that were no longer valid. By the way, I'm not a cloud stuff salesman, I'm currently configuring telecom equipment, but I've learned there is more to security than TACACS/RADIUS and a password kept in an envelope in the CEO's office. Clue for you: do a Google search for privilege separation and privileged access management and start from here.

As someone mentioned in a post below, you're just changing the nature of the problem, but your rogue admin scenario is gone. Yes, the outsourcer might have a rogue employee too, but your company can hope to be compensated financially for the downtime. As for compliance, you'll have to do it anyway. Outsourcing or not, you're the owner of the data, so act on securing it wherever it is stored. And it is better and cheaper to focus on securing data instead of caring for every switch and wiring closet door in addition to data. My career too is threatened, but there's nothing I can do; developers have stolen the show. I would really like to adapt to the new reality, but time is a serious constraint.

