I agree re: the secure backplane (though I would prefer to see it done outside server software in a more comprehensive manner).
I'm surprised that the bar isn't set a bit higher inside the cloud provider infrastructure for tenant separation at the network level. I suppose it boils down to the lack of assurance at an even lower level (who trusts Xen these days?) that seems unlikely to be fixed in the short term.
The bigger issue is the need for a secure backplane, which will remain until all server software authenticates all sockets in a strong way.