In an earlier life I managed the implementation of system software on an Internet appliance. Later I worked in a team that implemented the system software in a storage appliance. It is a challenging thing to get right for sure. As with most things you can't really get to perfect. But I do believe you can get to "good enough" which is to say that for a large swath of the population I believe it is possible to build a dedicated storage appliance that you could leave connected to the Internet 24/7 and its systems would not be compromised.

And if you worked with applications that currently use 'cloud storage' so that your data is always available to you anywhere you have net access, I expect you could limit cross application vulnerabilities. You would do that by brutally simplifying what could be done on the appliance to the bare minimum, not even an OS as many would define it.

The advantages over the current notion of 'cloud' would be three fold, one your appliance would never withdraw its API and make your application unusable, two it would never be possible for a third party to be served an NSL which would give access to your data without you knowing about it, and third there would be no "giant bucket of user credentials and information" honeypot that once compromised at the cloud server would force a massive re-validation exercise on you and possible other issues with a re-used password.

I know from experience that attacks directed at an appliance stand out. That helps in making defense easier.