Networks and Encryption
The key with Encryption is key management. You want to have a split key with multiple parties that are required to come together to decrypt the data. This is part of the Payment Card Industry/Data Security Standard.
e.g. In our case one key holder has been through the NHS vetting for controlling patent data, and the other key holders have been through the Developed Vetting process for Official Secrets.
The other part is understanding that if you connect to a network then the system is _NOT_ secure. No system that is connected to a network is secure, and you need to do a lot of work to provide a reasonable assurance of security.
There are some economies of scale that a cloud provider hosting an ecommerce application as core business is likely to have more security resources than a corporate office along with the network segmentation to protect against cleaners/temporary staff having access to the network.
If you want cheap security, stand alone PC's with removable hard drives that go into high quality safe, when not in use, is a cheap solution. You need to physically remove USB, floppy and other interfaces or solder them up (cheaper if destructive).
Fibre networks and 3 meter air gaps as firewalls works well, but is a bit more expensive.
Otherwise, a cloud is probably your next best bet if you are going to connect to the internet.
All the best - Ronald - @UK PLC