Cyber Security12 min read2931 words

Multi-Tenant Cloud vs. Single-Tenant Bare Metal Security

Leo Writer

PlusClouds Author

Cloud & SaaS

Korte samenvatting

This guide examines the real mechanics of tenant isolation in cloud environments, explains when shared infrastructure risk is unacceptable for regulated or security-sensitive workloads, and provides a practical framework for choosing between cloud virtual machines and dedicated bare metal, including a step-by-step migration approach.

Multi-Tenant Cloud vs. Single-Tenant Bare Metal: How to Choose the Right Isolation Model for Security-Sensitive Workloads
Size

Your security audit passed. Your penetration test came back clean. Then you got the call: a tenant on the same hypervisor as your payment processing workload had a misconfigured container, and the cloud provider is "investigating potential cross-tenant exposure." You are not sure what was accessed. Your compliance officer is already drafting the breach notification.

This scenario is not hypothetical. Shared infrastructure vulnerabilities have cascaded across environments in documented incidents, and the attack surface grows every time a new tenant spins up on the same physical host as your most sensitive data. The question is not whether multi-tenancy carries risk. It does. The question is whether that risk is acceptable for your specific workloads, and what you should do when it is not.

This guide walks infrastructure architects and engineering leads through the real mechanics of tenant isolation, the compliance frameworks that increasingly demand physical separation, and a practical decision framework for choosing between cloud virtual machines and dedicated bare metal, including how to migrate without downtime.

Table of Contents

Key Takeaways

  • Multi-tenant cloud environments separate workloads using software (hypervisors, container runtimes), not physical hardware. That shared layer is an attack surface that application-level controls cannot fully close.
  • The three main shared-infrastructure threats are cross-tenant data leakage, CPU side-channel attacks (Spectre, Meltdown variants), and privilege escalation through container runtime or IAM flaws.
  • Single-tenant bare metal removes the shared-resource attack surface entirely, by design, not by configuration.
  • PCI DSS, HIPAA, GDPR, SOC 2, NIS2, and DORA all create compliance pressure toward physical isolation for specific data categories.
  • Most organizations benefit from a hybrid model: cloud VMs for elastic, non-sensitive workloads and bare metal for regulated or high-risk workloads.
  • A zero-downtime migration from cloud VM to bare metal is achievable in one to two weeks using streaming database replication and a staged DNS cutover.
  • Physical isolation eliminates one risk category. Firewalls, WAF, network segmentation, and DDoS mitigation are still required on both models.

What Multi-Tenancy Actually Means (and Why Shared Infrastructure Is Not Always Secure)

Multi-tenancy is the practice of running multiple customers' workloads on the same physical hardware, separated by a software layer: typically a hypervisor like KVM or VMware, or a container runtime like containerd. The cloud provider manages that separation. You trust it implicitly every time you spin up a virtual machine.

Most of the time, that trust is warranted. Hypervisors have mature isolation mechanisms, and the major cloud providers invest heavily in keeping tenants apart. But "most of the time" is not the same as "always," and for workloads handling payment card data, protected health information, or classified government records, "most of the time" is not a compliance posture.

The isolation model matters because shared infrastructure can expose security vulnerabilities that are invisible at the application layer. A vulnerability in the hypervisor itself, a misconfigured virtual machine, or a flaw in the orchestration platform can create paths between tenants that no application-level control can close. You cannot patch your way out of a hypervisor escape if the escape is in code you do not control.

The important nuance is that multi-tenancy is not inherently insecure. It is a tradeoff. You get elasticity, fast provisioning, and lower baseline costs in exchange for sharing physical resources and trusting the provider's isolation layer. For most workloads, that is a reasonable deal. For some, it is not.

The Real Attack Surface: Cross-Tenant Leakage, Side-Channel Attacks, and Privilege Escalation

Diagram illustrating three shared-infrastructure attack vectors: cross-tenant leakage, side-channel attacks, and privilege escalation.

The threat model for shared infrastructure is more specific than "someone else is on my server." Understanding the actual attack vectors helps you assess whether your workload is genuinely at risk or whether you are solving a theoretical problem.

Cross-tenant data leakage happens when isolation boundaries fail. This can occur through hypervisor vulnerabilities, shared memory regions, or misconfigured network overlays. Research published in the International Journal of Research Publication and Reviews identifies hypervisor escape and VM-to-VM attacks as primary concerns in multi-tenant environments, particularly where tenants share the same NUMA node or memory bus.

Side-channel attacks are subtler and harder to defend against at the software layer. The Spectre and Meltdown class of vulnerabilities, first disclosed in 2018, demonstrated that a malicious tenant could infer information about another tenant's memory contents by observing CPU cache timing, without ever breaking the hypervisor boundary directly. Academic research on multi-tenant cloud security continues to document new variants of these attacks, and the fundamental problem, shared physical CPU cores, cannot be fully resolved without physical separation.

Privilege escalation within a shared environment can take several paths: exploiting a vulnerability in the container runtime to escape to the host, abusing a misconfigured cloud IAM policy to access another tenant's storage bucket, or leveraging a compromised management plane to pivot across accounts. The blast radius of any single tenant's compromise extends, at least theoretically, to every other tenant on the same infrastructure.

None of this means you should immediately move everything to dedicated hardware. It means you need to map your workloads against these threat vectors honestly.

How Single-Tenant Bare Metal Eliminates the Shared-Resource Risk by Design

Bare metal servers solve the multi-tenancy problem by removing the shared layer entirely. You get a physical machine, its CPU cores, its memory, its storage controllers, and its network interfaces. No other tenant's code runs on that hardware. There is no hypervisor to escape from, no shared memory bus to probe, no adjacent VM to pivot through.

This is not a configuration choice or a security feature you enable. It is an architectural property. Side-channel attacks that depend on shared CPU caches stop working when there are no other tenants sharing the cache. Cross-tenant data leakage through hypervisor vulnerabilities stops being a concern when there is no hypervisor between tenants.

The tradeoff is real. Bare metal provisioning takes longer than spinning up a VM. You lose the instant elasticity of cloud auto-scaling. And you pay for the full machine whether you use 20% of it or 100%. For workloads with predictable capacity requirements and strong isolation needs, those tradeoffs are worth making.

PlusClouds offers dedicated bare metal through the X7000 and Leo CN series, covering both high-performance compute workloads (AI training, HPC, GPU rendering) and general enterprise deployments. These systems give you physical isolation without requiring you to build and manage your own data center. If you are evaluating a move away from shared cloud for a specific workload, this is where to start the conversation.

For teams considering the broader economics of moving workloads off hyperscalers, the cloud repatriation migration playbook covers the cost-and-performance calculus in detail.

Compliance Workloads That Cannot Afford Shared Infrastructure (GDPR, SOC 2, NIS2, DORA)

Regulatory frameworks are increasingly specific about what "adequate security measures" means for sensitive data, and several of them create strong pressure toward physical isolation for certain data categories.

GDPR does not mandate bare metal explicitly, but its requirements for appropriate technical measures, data minimization, and breach notification create real liability when shared infrastructure is involved in an incident. If a cross-tenant vulnerability exposes personal data of EU residents, "we used a reputable cloud provider" is not a complete defense. You need to demonstrate that your technical controls were proportionate to the risk.

SOC 2 Type II auditors increasingly ask about tenant isolation controls, and the answers matter. Shared infrastructure is auditable, but it requires documented evidence of the provider's isolation mechanisms, your own controls at the application layer, and a clear understanding of the shared responsibility model. For some auditors and some customers, that documentation is sufficient. For others, physical isolation is the only acceptable answer.

NIS2 (the EU's Network and Information Security Directive, updated in 2022 and transposing into member state law through 2024-2025) applies to operators of essential services and digital service providers. It requires risk-appropriate security measures and incident reporting. Organizations in scope for NIS2 need to assess whether shared infrastructure meets their risk tolerance, particularly for systems classified as critical.

DORA (the Digital Operational Resilience Act, applying to EU financial entities from January 2025) adds specific requirements around ICT risk management, third-party dependencies, and concentration risk. Relying on a single hyperscaler for critical financial infrastructure creates concentration risk that regulators are actively scrutinizing. Physical isolation on dedicated hardware, potentially across multiple providers, is one way to address that.

For teams navigating data residency requirements alongside these frameworks, the guidance on data sovereignty in 2026 is directly relevant.

Performance Isolation: Why the Noisy Neighbor Problem Is Both a Security and a Latency Issue

The noisy neighbor problem is usually discussed as a performance concern: another tenant on your hypervisor saturates the CPU, memory bandwidth, or network I/O, and your application slows down. That is real and measurable. But the security dimension is less often discussed.

When a neighboring tenant is consuming abnormal amounts of CPU or memory, there are two possible explanations. The first is legitimate: they are running a batch job, processing a spike in traffic, or doing something computationally expensive that happens to land on your host. The second is less benign: they are executing a side-channel attack that requires sustained, high-frequency access to shared hardware resources.

Research on multi-tenant cloud hosting risks notes that anomalous resource consumption patterns can be an indicator of malicious activity by a co-tenant, not just inconsiderate workload scheduling. Your monitoring system probably flags noisy neighbor behavior as a performance issue. It should also flag it as a potential security event.

From a pure latency perspective, the impact is significant for latency-sensitive workloads. Database clusters, real-time APIs, and financial transaction processing systems all have tail latency requirements that shared infrastructure cannot reliably guarantee. On bare metal, you own the entire memory bus and CPU cache hierarchy. Your p99 latency is determined by your code and your data, not by what the tenant in the adjacent VM is doing at 3 AM.

PlusClouds Cloud Servers run on AMD EPYC processors with NVMe storage and are built for consistent performance, with a 99.98% uptime SLA and zero egress fees. For workloads that can tolerate shared infrastructure with strong performance guarantees, this is a solid starting point before considering the jump to dedicated hardware.

Decision Framework: When to Stay on Cloud VMs and When to Move to Bare Metal

Flowchart decision framework showing when to stay on cloud VMs, move to bare metal, or adopt a hybrid isolation approach.

Not every workload needs bare metal. Moving everything to dedicated hardware for security theater is expensive and operationally complex. The goal is to match the isolation model to the actual risk profile of each workload.

Use this framework to categorize your workloads:

Stay on cloud VMs when:

  • The data processed is not regulated or sensitive (internal tooling, development environments, marketing sites)
  • The workload is highly variable and benefits from elastic scaling
  • Your threat model does not include sophisticated, targeted attackers willing to exploit side-channel vulnerabilities
  • Your compliance framework accepts shared infrastructure with documented controls
  • Cost optimization is a primary concern and the risk tradeoff is acceptable

Move to bare metal when:

  • The workload processes regulated data: payment card data under PCI DSS, health records under HIPAA, personal data under GDPR with high-risk processing activities
  • Your compliance framework or enterprise customers explicitly require physical isolation
  • Side-channel attacks are a credible threat in your threat model (financial services, defense contractors, healthcare)
  • Latency requirements are strict and noisy neighbor effects have caused SLA breaches
  • You have predictable capacity requirements that make dedicated hardware cost-competitive with cloud VMs at scale

The hybrid approach is often the right answer. Run your web tier, CI/CD pipelines, and analytics workloads on cloud VMs. Move your database clusters, key management systems, and payment processing to bare metal. Segment the network between them using private networking and strict firewall rules.

For teams implementing zero trust principles across this hybrid architecture, the zero trust on a budget guide covers how to harden both environments without a six-figure security stack.

How to Migrate a Sensitive Workload from Shared Cloud to Dedicated Hardware Without Downtime

Moving a production workload from a cloud VM to bare metal is not a lift-and-shift. Done carelessly, it causes downtime, data loss, or both. Done systematically, it is straightforward.

Step 1: Inventory and dependency mapping. Before touching anything, document every service the workload depends on and every service that depends on it. Note IP addresses, DNS names, port numbers, and any hardcoded configuration. This is the step most teams skip and then regret.

Step 2: Provision and configure the bare metal target. Bring up the dedicated server, install the OS, configure networking, and apply your baseline security hardening before any production data touches it. This includes setting up your firewall rules, configuring SSH key authentication, and disabling unnecessary services.

# Example: Disable root SSH login and password authentication
sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd

Step 3: Replicate data to the target. For databases, set up streaming replication to the bare metal server before the cutover. For PostgreSQL, this means configuring pg_basebackup and streaming WAL. For MySQL/MariaDB, use GTID-based replication. The goal is to have the target fully caught up before you flip traffic.

# PostgreSQL: Start base backup to target server
pg_basebackup -h source-host -U replication_user -D /var/lib/postgresql/data \
  --wal-method=stream --checkpoint=fast --progress

Step 4: Test on the target with production-like traffic. Route a small percentage of read traffic to the bare metal server and verify query performance, connection handling, and error rates. Fix issues before they affect your full production load.

Step 5: DNS or load balancer cutover. Update your load balancer or DNS to point to the bare metal server. Keep the cloud VM running for 24-48 hours as a fallback. Monitor error rates and latency carefully during this window.

Step 6: Decommission the source. Once you are confident the bare metal server is stable, terminate the cloud VM and update your documentation.

The entire process, done carefully, typically takes one to two weeks for a moderately complex database workload. The cutover itself, the period of actual risk, is measured in minutes.

Securing Either Model: Firewalls, WAF, Network Segmentation, and DDoS Mitigation

Physical isolation eliminates the shared-resource attack surface. It does not eliminate the network attack surface, application vulnerabilities, or insider threats. You still need a complete security stack regardless of whether you are on cloud VMs or bare metal.

Network segmentation is the foundation. Whether you are running on shared cloud or dedicated hardware, your database tier should never be directly reachable from the public internet. Use private networking to isolate backend services from your public-facing tier. PlusClouds Networking and Load Balancers supports five network types: public, private, VPN, management, and DMZ, all managed from a single control plane. This lets you build a proper network architecture without assembling it from separate products.

Stateful firewalls enforce the rule that only expected traffic flows between segments. This means explicit allow rules for specific ports and source addresses, with everything else denied by default. Review firewall rules quarterly. Rules accumulate over time, and old rules for decommissioned services become attack surface.

Web Application Firewalls (WAF) protect your application layer from injection attacks, cross-site scripting, and the OWASP Top 10. A WAF is not a substitute for secure code, but it provides a meaningful layer of defense in depth, particularly against automated scanning and commodity exploits. PlusClouds Cloud Security includes a stateful firewall and WAF with OWASP Top 10 coverage, always-on 1 Tbps DDoS mitigation, and compliance certifications including ISO 27001, SOC 2, and GDPR. This applies equally to cloud VM and bare metal deployments.

DDoS mitigation matters for bare metal specifically because a dedicated server has a fixed uplink capacity. A volumetric DDoS attack can saturate that link before any on-host mitigation fires. Always-on upstream scrubbing, at the network edge before traffic reaches your server, is the only reliable defense.

The combination of physical isolation (bare metal) with network segmentation, a WAF, and upstream DDoS mitigation gives you defense in depth across every meaningful attack vector.

Choosing the Right Isolation Model Is a Risk Decision, Not a Technology Decision

The choice between multi-tenant cloud and single-tenant bare metal is not about which technology is better in the abstract. It is about which risk profile is acceptable for each specific workload, given your threat model, your compliance obligations, and your operational capacity.

Most organizations end up with both. Cloud VMs for elastic, non-sensitive workloads where the economics and operational simplicity are compelling. Bare metal for the subset of workloads where shared infrastructure risk is genuinely unacceptable: payment processing, health records, key management, and anything that would generate a regulatory breach notification if compromised.

The security controls, firewalls, WAF, network segmentation, DDoS mitigation, apply to both models. Physical isolation removes one category of risk. Good security engineering handles the rest.

If you are evaluating dedicated bare metal for a security-sensitive workload, the PlusClouds Bare Metal X7000 and Leo CN series are worth a direct look. For teams that need the full security stack alongside either deployment model, PlusClouds Cloud Security covers the network and application layers with the compliance certifications your auditors will ask for.

LeadOcean

Verkooptteam achtervolgt de verkeerde leads?

1,8B+ bedrijven — zoeken altijd gratis

Find My Leads →

No credit card · Cancel anytime

Lezers lazen ook

#Cloud Security#Bare Metal#Tenant Isolation#Compliance#Infrastructure

Veelgestelde Vragen

What is the difference between multi-tenant cloud and single-tenant bare metal?

In a multi-tenant cloud environment, multiple customers' workloads run on the same physical hardware separated by a software layer such as a hypervisor (KVM, VMware) or container runtime (containerd). In single-tenant bare metal, one customer occupies an entire physical server exclusively, meaning no other tenant's code runs on that hardware. This architectural difference eliminates the shared-resource attack surface, including hypervisor escape risks and CPU side-channel attacks, that exists in multi-tenant deployments.

What are the main security risks of multi-tenant cloud infrastructure?

The three primary attack vectors in multi-tenant cloud environments are cross-tenant data leakage (caused by hypervisor vulnerabilities or misconfigured network overlays), side-channel attacks (such as Spectre and Meltdown, which exploit shared CPU caches to infer another tenant's memory contents), and privilege escalation (exploiting container runtime flaws or misconfigured IAM policies to pivot across accounts). These risks cannot be fully eliminated through application-layer controls alone because they originate in shared physical hardware.

Which compliance frameworks require or strongly recommend physical isolation for sensitive workloads?

Several major frameworks create strong pressure toward physical isolation. PCI DSS requires demonstrable controls over cardholder data environments, which shared infrastructure complicates. HIPAA mandates safeguards proportionate to the risk of health information exposure. GDPR requires technical measures appropriate to the risk, and cross-tenant incidents create direct breach notification liability. DORA (effective January 2025 for EU financial entities) specifically scrutinizes concentration risk from shared hyperscaler infrastructure. SOC 2 Type II auditors increasingly require documented evidence of tenant isolation controls.

What is the noisy neighbor problem in cloud computing, and is it a security issue?

The noisy neighbor problem occurs when another tenant on the same physical host consumes excessive CPU, memory bandwidth, or network I/O, degrading the performance of adjacent workloads. Beyond performance degradation, it also carries a security dimension: sustained, high-frequency access to shared hardware resources is a hallmark of side-channel attacks. Anomalous resource consumption by a co-tenant should be treated as a potential security event, not just a scheduling problem, particularly in environments handling sensitive or regulated data.

When should a workload be moved from a cloud VM to dedicated bare metal?

A workload should move to bare metal when it processes regulated data (payment card data under PCI DSS, health records under HIPAA, personal data under GDPR with high-risk processing), when compliance frameworks or enterprise customers explicitly require physical isolation, when side-channel attacks are a credible threat in the organization's threat model, when strict latency requirements have been violated by noisy neighbor effects, or when predictable capacity requirements make dedicated hardware cost-competitive with cloud VMs at scale.

How can a production database be migrated from a cloud VM to bare metal without downtime?

The safest approach follows six steps: (1) map all service dependencies before touching anything; (2) provision and harden the bare metal target before any production data is transferred; (3) set up streaming replication (pg_basebackup with WAL streaming for PostgreSQL, GTID-based replication for MySQL/MariaDB) to keep the target caught up; (4) validate with production-like read traffic on the target; (5) perform a DNS or load balancer cutover while keeping the source VM live for 24-48 hours as a fallback; and (6) decommission the source only after the bare metal server is confirmed stable. The actual cutover window is typically measured in minutes.