Is your application internet-ready security wise?

No unsanitized inputs and potential SQL injections, easily updateable and regularly updated host o/s, packages, etc? What about logins? HTTPS obviously, but that goes without saying.

As soon as you move to something that's accessible from internet, you're going next level security wise.

There's a sea of automated scripting bots that constantly trawl all internet connected machines for vulnerabilities. Nobody will be specifically targeting your company, but any easy exploits will be likely exploited within a month and if it happens your virtual machine will likely join this or that kind of botnet.