Downfall is brutal. You cannot use shared tenancy hardware (e.g. virtually any cloud hosting) if you're serious about privacy and security.

Comments

Totally agree. Would be interesting to hear your thoughts on managed, dedicated services too - less risk of leaking through shared hardware, similar risks of the service provider inspecting traffic, higher risk of outages as cannot make use of [most] commercial DDoS protections?

karlseguin

My definition of "managed dedicated services" is that someone else has root access to the machine. From a pure security/privacy point of view, this seems really bad. I think you'd need a really reputable vendor with a solid contract.

If we're talking about unmanaged dedicated services, I think that's the only option at this point. If all traffic is encrypted in and out (e.g. TLS for HTTP, WireGuard for all internal tools/admin) and you do some basic hardening (e.g. disabling USB drives), the main attack vector from the provider is probably pulling out the hard drives. This can be mitigated with full disk encryption, but key management is (putting it lightly) problematic.
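As an added illustration of the two host-side hardening points in the comment above (full disk encryption so pulled drives are unreadable, and the usb-storage module being disabled), here is a small audit script. It is not from the post or its author; it assumes a Linux host with util-linux (`findmnt`, `lsblk`) and modprobe-style configuration under `/etc/modprobe.d/`, and the checks are factored so they can also be run against constructed input.

```shell
#!/bin/sh
# Added example, not part of the original thread: audit a dedicated server for
# (1) the root filesystem sitting on a dm-crypt mapping and (2) the usb-storage
# kernel module being neutralised. Assumes util-linux and kmod are installed.
set -f   # no globbing when we word-split config lines below

# root_is_encrypted TYPE...  : takes the block-device TYPE column of the root
# device and all of its ancestors (what `lsblk -sno TYPE <dev>` prints) and
# succeeds if any layer is a dm-crypt mapping. Handles LVM-on-LUKS because the
# ancestor walk reaches the "crypt" layer beneath the logical volume.
root_is_encrypted() {
    for t in "$@"; do
        [ "$t" = "crypt" ] && return 0
    done
    return 1
}

# usb_storage_disabled : reads modprobe.d configuration on stdin.
#   returns 0 if `install usb-storage /bin/false` (or /bin/true) is present,
#   returns 2 if only a `blacklist usb-storage` line exists, which merely stops
#             alias-based autoloading (the module can still be loaded by name),
#   returns 1 if nothing relevant is configured.
usb_storage_disabled() {
    status=1
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line                      # fields: directive module action
        case "$1" in
            install)
                case "$2" in
                    usb-storage|usb_storage)
                        case "$3" in /bin/false|/bin/true) return 0 ;; esac ;;
                esac ;;
            blacklist)
                case "$2" in usb-storage|usb_storage) status=2 ;; esac ;;
        esac
    done
    return "$status"
}

# audit_host : run both checks against the live machine and print a verdict.
audit_host() {
    rootdev=$(findmnt -no SOURCE /) || { echo "cannot resolve root device"; return 1; }
    # shellcheck disable=SC2046
    if root_is_encrypted $(lsblk -sno TYPE "$rootdev"); then
        echo "root filesystem: on dm-crypt (ok)"
    else
        echo "root filesystem: NOT encrypted; a pulled drive is readable as-is"
    fi

    rc=0
    cat /etc/modprobe.d/*.conf 2>/dev/null | usb_storage_disabled || rc=$?
    case "$rc" in
        0) echo "usb-storage: disabled via install directive (ok)" ;;
        2) echo "usb-storage: only blacklisted; can still be loaded by name" ;;
        *) echo "usb-storage: loadable; add 'install usb-storage /bin/false'" ;;
    esac
}

# Only touch the real system when explicitly asked, so the functions can be
# sourced and tested with constructed input.
[ "${1:-}" = "--audit" ] && audit_host
```

Run it as `sh audit.sh --audit` on the server. Note that the encryption check only tells you the data at rest is encrypted; it says nothing about where the unlock key lives, which is exactly the key-management problem the comment points at (a key stored on the same box, or typed over a provider console, buys little against the provider itself).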

xcdb

Setting privacy aside, would you think commercial providers (not necessarily shared tenancy) do a better job at the security element?

karlseguin

@xcdb Not sure who we're comparing. Shared tenancy aside, I think the big cloud providers have some advantages. They tend to be much more up to date with their compliance (e.g. SOC 2 & 3) which can be important in some respect. They also do make some things easier (e.g. full disk encryption and key management).

But, on the flip side, they tend to be complicated to set up and manage. There was once a tool that let you scan your AWS account for security misconfiguration and, if I remember, it reported errors in something like 75% of accounts (the tool was removed from GitHub, sadly).

DDOS protection is pretty easy to find from multiple vendors. WAF is, in my opinion, mostly security theater. I know it relates to multi-tenancy, but one thing I always look for is a physical private network.

xcdb

Thanks! Very interesting :)
