If you're trusting another human being to do their job, you've already lost.
That applies to external or internal security.
So there is no distinction between remote or local hosting.
Except that in local hosting, you are working with people whose foibles and lack of competence you already know and can defend against. Not so much with some third party company.
Zero trust means zero trust.
Your security is YOUR security - no one else's.
The fact that companies don't do that now is no argument for doing it. It's an argument for how stupid the average company is.
It's very simple.
If you're trusting another human being to do their job, you've already lost.
That applies to external or internal security.
So there is no distinction between remote or local hosting.
Except that in local hosting, you are working with people whose foibles and lack of competence you already know and can defend against. Not so much with some third party company.
Zero trust means zero trust.
Your security is YOUR security - no one else's.
The fact that companies don't do that now is no argument for doing it. It's an argument for how stupid the average company is.
But we already knew that, right?