Physical security is always the number one priority for a server. No matter what tricks, technologies or software you use, if you allow uncontrolled physical access to a server, you risk compromising the device. For a data center, whether your own or a cloud service, physical security is usually built in to the operation. Only authorized people are allowed in the facility, and specific data halls or equipment cages may have additional levels of physical security, further limiting access to these critical servers.
Not every business can afford this level of security. But leaving a server sitting in an open office area is just an invitation to unauthorized access. Simply keeping a departmental server locked in a closet can make a big difference. Running it headless, with no monitor or keyboard, provides an additional layer of security.