Many industry experts dispute the validity of the four deployment models in the NIST definition framework, which are discussed below; that is, public clouds, community clouds, private clouds and hybrid clouds. For them only public clouds are true clouds, but when the user experience and functional capabilities are the same, and there is the possibility of moving seamlessly across cloud boundaries, the distinctions become, well, cloudy.
Public cloud computing services are provided off-premise by third-party providers to the general public and the
computing resources are shared with the provider’s other customers. This is pure cloud computing and there is no debate on this one.
Community clouds are used by distinct groups (or ‘communities’) of organizations that have shared concerns such as compliance or security considerations, and the computing infrastructures may be provided by internal or third-party
suppliers. The communities benefit from public cloud capabilities but they also know who their neighbours are so they
have fewer fears about security and data protection.
Many large organizations prefer, or are legally obligated, to keep their servers, software and data within their own data centres; and private clouds enable them to achieve some of the efficiencies of cloud computing while taking responsibility for the security of their own data. By implementing cloud computing technologies behind their firewall,
enterprises can enable pooling and sharing of computing resources across different applications, departments or business units. Unlike the pay-as-you-go model of public clouds, however, private clouds require significant up-front
development costs, data centre costs, ongoing maintenance, hardware, software and internal expertise.
Many enterprises take the ‘hybrid cloud’ approach by using public clouds for general computing while customer data is
kept within a private cloud, community cloud or a more traditional IT infrastructure. The use of ‘virtual private cloud’
technology enables enterprises to connect their existing infrastructure to a set of isolated computing resources in
a public cloud infrastructure and to extend their existing internal IT management capabilities – such as security services, firewalls, and intrusion detection systems – to include their external virtual resources. This option is attractive to businesses that have invested in their own IT infrastructure or have data protection responsibilities, but would like to
take advantage of the scalability and flexibility that cloud computing affords.