1. You'll need to be cheaper than my homebrew option -- which at this point is a server in the basement with 4 X 1T disks (mirrored in pairs), running FreeBSD. I can copy/sync anything stored there to any computing device in the house quickly (when I'm here) and slowly (when I'm remote). But the latter hardly matters: I don't NEED to download music to my laptop when I'm 800 miles away because I had the planning and foresight to do so before I left.
2. You'll need to demonstrate that you're backup-clueful. Mine are run daily AND they're checked AND they're cataloged.
3. You'll need to demonstrate that you're security-clueful. That means default-deny firewalls (in both drections), 100% open-source software throughout the entire company, strong cryptography, working RFC 2142 email addresses, etc.
4. You'll need to demontrate that you have a spine -- and the attorneys and funds to back it up. That means fighting the MPAA, the RIAA, their proxies (e.g., DHS). You'll also need to be prepared to have your entire operation confiscated WITHOUT leaking any information -- which means full-disk encryption on every system you have combined with multiple-factor authentication (so that no one person can reveal the keys). None of this is easy or cheap.
5. Integration with external services (particularly social networks) is wrong and very, very stupid. Don't do it. It instantly renders your entire operation completely worthless to anyone who cares even a little bit about security and privacy.l
6. You'll need to work on MY computing platforms: *BSD, Linux, OpenIndiana. If you tell me you're Windows-only or Windows/Mac-only then I'll presume you're idiots who don't understand the first principles of interoperability.
7. You'll need multiple data centers: one physical location, even if supported with UPS/generators, multiple data providers, etc. is always vulnerable. (Pro tip: it costs much, MUCH less to run three inexpensive and redundant data centers than one super-hardened one. Also the three will be far more reliable.)
9. You'll need to convince me that your admins aren't snooping through my stuff. You will need instantly and PUBLICLY fire anyone caught doing so, which means you'll need a means of detecting them and you'll need to force them to sign an employee agreement stating that this is what will happen when they're caught. (Why? Because "we dealt with the problem" is opaque and untrustworthy. You MUST fully disclose all such incidents, you MUST name names, you MUST hold absolutely nothing back...because the first time you do, we'll all know you're lying.)
10. You'll need to solve the problem of keeping useful logs (for debugging, billing, etc.) while making sure that those logs never fall into the wrong hands. Someone who comes into possession of the logfiles associated with my account will know rather a lot of information about that nobody should ever know. This isn't an easy problem -- I know, I've struggled with it myself -- but you'll need to tackle it because otherwise someone could get that info via (a) court order (b) intrusion (c) payoff of one of your staff. (And don't think that last won't or can't happen: someone offered 10X their annual salary tax-free for a DVD worth of compressed log files would be tempted.)
That's enough for now -- that's a pretty large and difficult problem set. I'd like to see how you plan to address each one of these in an integrated fashion. (Yes, I KNOW it's hard. I couldn't solve all these in an afternoon either. But the time to think this through is long before you put up even the first server. You need to have all the long arguments at the whiteboard before you start architecting and building.)