First, AWS, Azure and GCE are not just "Joe Blow's cloud server", they are multi-billion dollar companies, and they all can provide hosting environments compliant with a multitude of security programs including SOC 1, 2, 3, PCI DSS, HIPAA, etc.
If a hospital can store patient records on AWS, why can't Delta store my flight records there? If the government is worried that a public cloud leaves them open to terrorist attacks, then they can sponsor them to run on Gov Cloud for better isolation.
But more importantly, moving a complex high volume legacy system to "the cloud" is no panacea, whatever dependencies or lack of redundancy that caused this failure could cause the exact same failure mode in "the cloud" (plus it can open them to all new failure modes).
Besides, if $CLOUD_PROVIDER has a couple of hours outage and the patient records aren't available, not that much backs up. There's not that much in the count of patients that's affected by, say, a 2-hour outage. But that same length of outage can affect thousands of passengers across a dozen airports, and cause knock-on effects for days.
Every major cloud provide offers multiple independent regions, and I haven't heard of any suffering from a multi-region outage.
If an airline's application can't tolerate an outage, then they better not host it in a single region, whether they host it themselves or host it in the cloud.
Delta is on day 2 of their outage, Southwest's was 12+ hours.
Google had a major outage in April -- it lasted 18 minutes. In June, AWS lost a single Availability Zone (out of 3) in Sydney for about 12 hours.
It has happened in the past .
Uptime needs are security needs too for various reasons. e.g. lack of uptime is just another way to get a Denial of Service attack.
edit: a typo
Can't stop to sharpen the axe. Too much wood to cut.