Disabling remote root login isn't as big a deal as it used to be - as others have said, if someone gets your administrative account you're pretty screwed anyway - and if they get your password for sudo, it's the same thing.
Other than that, it really depends on what you mean by cloud.
Root login shouldn't be your normal entrance. For maintenance stuff use sudo-capable regular user account with public key authentication. If there's some software that requires root login and you cannot do anything about it, enable root login and allow it only from the specific IPs.