There are always risks with shared harware, known and unknown veunerabilities in the hypervisor or hardware. All the recent intel stuff, row hammer, etc.
The interesting question comes when people start implementing hardware hypervisors and what is the risk profile there.
Security, at the end of the day, isn't about what is secure and what isn't. If you want to be secure, don't get on the internet. Everything else is a exercise in risk tradeoffs and mitigation.
If I was doing anything with PII, cc#'s or any other data I never want to touch I wouldn't use shared hardware without hard thought on it.
Shared hardware from the big cloud players adds attack vectors, but it also comes with some of the best security minds trying to keep the entire platform secure.
For example, they'll typically be on secret mailing lists and aware of security vulnerabilities weeks before you know about them.
The interesting question comes when people start implementing hardware hypervisors and what is the risk profile there.
Security, at the end of the day, isn't about what is secure and what isn't. If you want to be secure, don't get on the internet. Everything else is a exercise in risk tradeoffs and mitigation.
If I was doing anything with PII, cc#'s or any other data I never want to touch I wouldn't use shared hardware without hard thought on it.