by wstuartcl 2602 days ago
Yeah, I think the other factor that seems to be missed here is access to security patches for the hardware/firmware and OS. If you look at recent history with even the CPU attacks over the last few years, Amazon and MS had access to the issue and vendor workarounds months before even other large cloud players did. DigitalOcean and other very large players were left holding the bag when the announcements were made, with very short windows to get their systems up to speed. Consumer-level on-prem were waiting sometimes months for the patches/firmware and software to be available.

Not saying at all that is how it SHOULD BE, but if you are planning on pulling back to on-prem (or colo) it should be a concern, as it is a hard-to-mitigate risk.

1 comments

Correct me if I'm wrong, but I thought basically all recent exploits (including Spectre/Meltdown) were only really viable on shared hypervisors?

So while yes, there weren't any fixes for your on-prem virtualizers -- there also wasn't any immediate danger, as the attacker had to compromise one of your nodes before actually using these attack vectors...