Don't worry about the rouge employees it is easy to spot the red ones, it is the rogues that you need to worry about!
But I fundamentally agree, you need to consider that in many cases you are not just subject to your own risks and threats (internal and external) but each of your suppliers (and their suppliers such as Heroku and AWS) and their internal and external risks added to yours.
But I fundamentally agree, you need to consider that in many cases you are not just subject to your own risks and threats (internal and external) but each of your suppliers (and their suppliers such as Heroku and AWS) and their internal and external risks added to yours.