I've long been of the opinion that the core assets of a software company (e.g. source code and any system that touches it, continuous integration environments, internal wikis containing design/planning docs, etc. etc) should always be closely-held. In other words, hosted in-house, maintained by employees, and not managed by outsourced vendors.
However, I'm starting to revisit this line of thinking. Some counterarguments, in no particular order:
- We've outsourced email forever (because the associated admin is just way too costly), and there's plenty of confidential / "proprietary" stuff flowing through email (not on the level of source code, but certainly business terms, technical discussions, etc)
- No one really cares about our stuff that much. We're a small software company, and in a hosted environment, the changes of us being targeted for theft, etc., seems absurdly small given much more lucrative opportunities for such things. (This the apparent vs. actual risk aspect.)
- We don't have a dedicated sysadmin, so just think of all the time and resources being spent/wasted managing various internal systems only because of some amorphous fear.
- Of course, even worse is the opportunity cost of the admin time/resources. Maybe we wouldn't be so small if we weren't fiddling around with CI server admin and such ;-)
EDIT: Just FYI, by "cloud/outside hosts", I mean operations like Amazon AWS, Rackspace, et al.; decidedly not second or third tier hosts, startups, mom-and-pops, etc.