by raesene3 4311 days ago
On your second point, I'd be careful before making that assumption. Without evidence there's no reason to believe that a supplier company will have better security than your own, and it's entirely possible they don't.

Also, should a supplier suffer a breach, they have powerful incentives not to disclose that breach to you, and where intellectual property is involved (e.g. code) the theft may well not become immediately apparent.

2 comments

The provider has a specific set of expertise that's probably better aligned with hosting this service. Since it's a revenue center for them, versus a cost center, they're better equipped to make the case to hire specialists.

To your second point - legalese is very beneficial for that. In the US at least, as long as it's not a protected (by FISA, etc.) organization breaking into your provider's systems, contract law covering compromises is a fairly well developed area.

I'll put the question as follows: Do we really need such a service? Come on! Come on!