The recent research paper "Fine grain Cross-VM Attacks on Xen and VMware are possible!", published by WPI, demonstrates a working attack that allows a malicious user to capture AES encryption keys (and more) from other VMs on the same physical server, even if they are using separate CPU cores. This vulnerability impacts VMware and Xen and was tested on Amazon and Rackspace, two leading cloud providers, both of which proved vulnerable.
The short of it is that encrypted credit card data (for instance) is not safe in most shared Cloud environments.
Security is never perfect, and the recent Heartbleed vulnerability certainly drove that point home. However, this is just the latest in a long series of cross-VM attacks that make me feel very strongly that public/shared-tenant Clouds should never be used for eCommerce (or any other private and/or critical data). The only Cloud/VM solution I currently would trust for enterprise eCommerce is a fully private Cloud, at which point you lose most of the cost/scaling benefits that Cloud brings to the table.
Be safe!
Kelly,
Unless I’m missing something, I only see ONE VM option from Rackspace or AWS that guarantees 1 VM per server, which is from Rackspace for ~$4-5,000/month.
Remember that you can have VMs consume entire boxes in public clouds. 1 VM / box = no cross-VM vulnerabilities. Very small price premium.