A lot more expensive and this is required for any classified data. I honestly don't think you can truly securely share a CPU with a hostile tenant because their are just too many side-channels.
A hostile tenant is insufficient if you read the summary. You need a malicious hypervisor (ie your cloud provider) or a way to escape the sandbox and attack the hypervisor. Both attacks are highly unlikely in practice