I actually have been working on a startup that is trying to work on reducing your reliance on trust in your infrastructure providers: we basically let you put your "perimeter" checks inside a piece of hardware that you control completely within a cloud service, and that takes the cloud provider out of the equation - and it should take us out of the equation too, since you host the instances.
My brother worked for a fund, and at some point ended up in a conversation with BoA's CTO at some industry event. CTO was shocked my brother's fund was all on prem vs using AWS. The party line from my brother's fund? "We compete with Jeff Bezos for deals so we don't trust him."
I don't really want to argue the merits of that perspective; I'm just reporting an anecdote that there are definitely customers with it.
Thank you! I hadn't been thinking about that, but it makes sense.
I certainly think that the set of people who don't trust clouds is probably bigger than it should be, but there are some cases where the "natural bug bounty" (available money to steal) is over 100x higher than the earnings of a software engineer and it's easy to cash out. I think it may be reasonable to be paranoid about your cloud provider's (and their employees') access to your systems if that is the case.
Yeah, even if you don't think cloud providers are doing scummy stuff as policy, there's always the risk of rogue employees. One of the startups I worked for had that happen with a remote office. They decided to wind down the office, gave generous severance and plenty of warning, but one of the devs felt they had nothing to lose so they snuck a trojan onto the servers that would siphon away some of the ad revenue. It wasn't very sophisticated so we found it the first morning the metrics took a dive.