THE USER INTERFACE
The place you go to remotely administer a rented server at some unknown location (maybe they'll tell you which data center the virtual machine's in; maybe it's not an issue) is a web page, with all the inherent vulnerabilities those things have. SQL injections, buffer overflows - the usual suspects. Does your infrastructure provider use secure coding practices? Maybe, maybe not.
THE HOST HYPERVISOR
The big program inside which the virtual computers live is called the hypervisor. It's a very big program. Programs - particularly those that talk to networks - are vulnerable to all kinds of nasties. Updates to those programs are needed to counteract the nasties. Is the hypervisor program on the hardware host at your provider that runs your VM updated? Was it written by the virtualization product maintainer using secure coding practices? Maybe, maybe not.
THE PROVIDER EMPLOYEES
Did you hire the people that run the hosts that your VM lives on? No? Then you can't fire them. And don't even know who most or any of them are. Do you trust them? Maybe, maybe not.
Other Concerns
Do you maintain your VMs via an automatic payment from a credit card? What happens if a payment fails to go through? POOF - all your VMs could disappear, along with settings, data, transactions, virtual switches and so on. That's a nasty surprise, particularly if your backup locations are also VMs at the same provider that are paid for in the same way. And unless you're paying through the nose for managed hosting (where designated admins do stuff for you), there's the nasty surprise of lack of administration, meaning that you're behind on updates, disk space checks, disabling of unneeded services, log rotation and all that stuff.
Not to bug you, but these things haven't changed since years ago, when first I griped about them. Happy networking!
UPDATE: Another issue I remember from my tech support days is where a certain major infrastructure provider only a few years ago was discovered to be recycling VM's! OS loads at the provider where I used to work took about as long as a real computer (30-45 min.). A way to improve that - which they may have implemented by now - would be to image a new machine quickly from a master image. But one of our competitors was providing (apparently) already-built builds of Windows Server that had been previously used by an earlier customer. To recycle, I suppose they just ran some command that reset to defaults. Perhaps they came up with a powershell script. It would have provided a "new" computer (virtual machine image) to a new customer who was no doubt impressed by the speedy delivery! But that same customer may have been confused by the data, configurations and users left in the build from some previous owner. Hilarious.
