I have no plan to run an online business, but if I did I would not need to reinvent the wheel as it as already been invented. The problem everyone has and the cleverness they think they have which creates security issues is that they connect everything. Especially small enterprises, presumably such as your own (no offence intended, but to me a small business is anything less than 500 employees) where reliance is placed on a collection of computers on a single network. Small companies tend to rely on single networks to do everything in the business process - they also stupidly rely on a single server (cloud function if you want) to hold all their transactional data. Define your core business areas and then create dedicated networks to operate for those areas, not difficult and invisible to the customer who, depending on where she/he clicks is taken to one, or other network. Simplistic, but I'm not being paid to sort out IS issues anymore, I much prefer property development.
It is within the scope of a competent system designer and a competent programmer to do this kind of stuff, they are not one and the same, totally different skill sets. And good ones cost money. You get a dentist to fix teeth, a car mechanic to fix cars, and you should get the relevant IT, or IS professionals to sort out IT/IS matters. The problem is that the software companies have made it too easy for the average user, not programmer, but unknowing user, to cobble together their own little linked up collection of widgets without much regard to the whys and wherefores. FFS I have met idiots who tell me they work in IT when all they do is change printer cartridges and load up paper, or sit there inputting data on a single screen form all day.
The Mrs works for a financial institution - they cannot use cloud storage, they use three server locations. Same with the other financial institution she worked for, same with the couple of banks I designed clever AI widgets for, and Ford who I designed and built a specialist system for.
Bottomline is that if you program properly you use your own storage and not cloud storage. The only point I was making is that commercial cloud storage is insecure.