Red Hat has successfully navigated these treacherous waters at the operating system layer by splitting out certification and support from the underlying software (other Linux vendors that haven't made that split don't appear to be faring quite so well). If you look up any of our public financial statements, you can see that model is also working well for us at the Java application server level, and I don't see any reason why it won't work for the IaaS and PaaS markets. They're all platforms where it's useful to have a vendor acting as a filter between the early adopting technology enthusiasts and the wider majority who just want something stable that works, so they can get on with their own business (whatever that may be).
If phrases like "fiduciary responsibility", "due diligence", "risk management" and "successor in interest" are part of your every day concerns, then a good relationship with a trusted vendor is important, because it's actually cheaper than employing the expertise you need to interact with upstream directly. (Keep in mind that even tech companies struggle to find enough good staff - at this point in history, there's nowhere near enough technologically savvy people available for every business to interact with upstream projects directly).