"they also add new potential attack surfaces"
Okay, is it time to stop the bullshit about The CloudTM being easy to use ?
When it is working (which is not all the time) you have to track your usage (otherwise the bill at the end of the month is a punch in the gut), you have to ensure secure access, and now you also have to ensure against attacks you don't even know about.
I have a revolutionary idea : how about housing that server in your own server room ?