In general, don't do anything that isn't your core business. Or another way of saying it, Do What Only You Can Do.
If you are an insurance company, is building and maintaining hardware your business? No, not in the slightest. You have no more business maintaining computer hardware as you have maintaining printing presses to print your own claims forms.
Maintaining hardware and the rest of the infrastructure stack however, is the business of Amazon AWS, Windows Azure, etc. The "fantasy" you're referring to is the crazy idea that you, as some kind of God SysAdmin, can out-perform the world's top infrastructure providers at maintaining infrastructure. Even if you were the best SysAdmin alive on the planet, you can't scale very far.
Sure, any of those providers can (and do, frequently) fail. Still, they are better than you can ever hope to be, especially once you scale past a handful of servers. If you are concerned that they still fail, that's good, yet it's still a problem worst addressed by taking the hardware in house. A much better solution is to build your deployments to be cloud vendor agnostic: Be able to run on AWS or Azure (or both, and maybe a few other friends too) either all the time by default or at the flip of a (frequently tested) switch.
Even building in multi-cloud redundancy is far easier, cheaper, and more reliable than you could ever hope to build from scratch on your own. That's just the reality of modern computing.
There are reasons to build on premises still, but they are few and far between. Especially now that cloud providers are becoming PCI, SOX, and even HIPAA capable and certified.
Yes. AWS, Azure, etc. are focused on (and are actually pretty good at) providing compute services (whether that be PaaS or straight-up VMs). However, what they are not is contractually responsible for the safekeeping or integrity of your data.
There are definitely use cases for using "someone else's servers." Use them for external-facing resources like a web presence, customer portal, extranet services or even email. But when it comes to business critical systems and data, no one has a more compelling motive to secure and maintain them than an internal IT staff.
I imagine you'll disagree with me, which is fine. I would point out that despite the costs of implementing and maintaining a highly availabile internal virtualization environment, many of those costs are significantly offset by the usage and maintenance contracts as well as network connectivity required to support internal access to "someone else's servers."
In the end, it's a matter of balancing the costs against the criticality and confidentiality of the data, IMHO.
Assuming it would require me to provide personal information, remind me not to do business with whatever company you work for. Then again, if you're a shill for a "cloud" (marketing-speak for "someone else's servers), I understand. Either way, carry on.
