Re: "secure multi-tenancy rigs."
>If you want security you have to do it yourself
While I don't altogether disagree with the underlying proposition, that presupposes that 'you' can build an infrastructure that's more secure than your external suppliers can, and in practice everyone's reliant on external partners to a greater or lesser extent. Heartbleed, after all, demonstrated just that.
Obviously all the levels of indirection that come with external hosting, cloud hosting etc bring in layers of extra risk, but to make an extreme if not ridiculous comparison, that's still far less risk than an unpatched windows box sitting direct on the net with no firewall protection. You just have to do the best you can, but if you're doing it with my money, well, maybe I will wonder if the risk is similar to that nice investment opportunity in last night's email...