As Kelly Jackson Higgins points out in the Dark Reading piece, insistence upon thorough, probably third-party security verification for your providers is not just sound business policy, it is, I believe, an obligation and a responsibility.
And speaking of business, digital security and security practices aren't the only concerns you should raising: How solid and sound are your providers and vendors as businesses? How prepared are you to maintain operations without missing a step if your primary provider stumbles and falls?
More than that: What is your business's legal exposure if your provider or Cloud-based service suffers a data breach? And what is your recourse in the event of such a compromise?
Kelly's piece is focused on the Cloud, but the questions raised apply to every business you're connected to and dependent on, and if you haven't asked them of each of those, and of each you are considering you should, and soon.