Types of Clouds
Cloud deployments are not one-size-fits-all. The NIST SP 800-145 standard defines four deployment models, each with distinct trade-offs in cost, control, security, and scalability. Selecting the right model (or combination) is a critical architectural decision.
1. Public Cloud
Resources (compute, storage, networking) are owned and operated by a third-party cloud provider and shared among multiple tenants over the Internet. Infrastructure is hidden behind APIs.
Characteristics:
- No upfront capital expenditure — pure pay-per-use
- Virtually unlimited scalability (AWS has millions of servers globally)
- Provider manages all hardware, patching, and redundancy
- Multi-tenant: your workloads share physical hardware with other tenants, with isolation between them
Examples: AWS, Microsoft Azure, Google Cloud Platform, Alibaba Cloud
Use cases: Startups, web applications, big data analytics, development/test environments
2. Private Cloud
Cloud infrastructure is provisioned for exclusive use by a single organization. It may be managed internally or by a third party, hosted on-premises or in a colocation facility.
Characteristics:
- Full control over hardware and software configuration
- Dedicated resources — no noisy-neighbor effects
- Higher upfront CapEx for hardware procurement
- Supports compliance with strict regulatory requirements (HIPAA, PCI DSS, government)
Technologies: OpenStack, VMware vSphere, Microsoft Azure Stack, Red Hat OpenShift
Use cases: Banks, healthcare providers, government agencies, defense contractors
3. Community Cloud
Infrastructure is shared among several organizations with common concerns (mission, security requirements, compliance, policy). Costs are split and governance is shared.
Examples: Government agencies sharing a GovCloud, universities in a research consortium, healthcare networks sharing a HIPAA-compliant platform
Use cases: Multi-agency government IT, academic research, healthcare data exchange
4. Hybrid Cloud
A composition of two or more cloud deployments (public + private, or public + community) that remain distinct entities but are bound together by standardized technology for data and application portability.
Patterns:
- Cloud bursting: Run baseline workloads on private cloud; burst to public cloud during peak demand
- Data sovereignty: Keep sensitive data on-premises; use public cloud for compute-heavy processing
- Disaster recovery: Primary workloads on-prem; replicate to AWS/Azure for DR
Examples: Azure Arc, AWS Outposts, Google Anthos
Comparison Table
| Dimension | Public | Private | Community | Hybrid |
|---|---|---|---|---|
| Cost | Low (OpEx) | High (CapEx) | Shared | Mixed |
| Control | Low | High | Medium | High (private portion) |
| Security | Provider-managed | Full control | Shared governance | Split responsibility |
| Scalability | Virtually unlimited | Limited by owned hardware | Limited | Elastic (burst to public) |
| Compliance | Provider certifications | Fully customizable | Negotiated | Complex |
| Use Case | Startups, SaaS, analytics | Banks, gov, healthcare | Consortia, research | Enterprise, DR, regulated |
Decision Framework
- Do you have strict data residency or regulatory requirements? → Private or Hybrid
- Do you need unlimited elastic scale at low upfront cost? → Public
- Are you collaborating with peer organizations on shared compliance requirements? → Community
- Do you want to optimize cost while maintaining control for sensitive data? → Hybrid
Most large enterprises today operate hybrid or multi-cloud architectures, using public cloud for agility and private cloud for compliance-sensitive workloads.