Cloud Deployment Models
Firms may adopt different cloud models, depending on their needs and preferences. Each model provides different features and implies different trade-offs. Models are generally categorized into the following:12
- Public cloud: In this model, cloud services are made available virtually over the internet to users and are operated by a cloud service provider. The cloud provider hosts and operates the physical servers and locates them in multiple locations to provide improved resiliency capabilities. Depending on the level of service, they may also manage the operating system, middleware, and various application layers on top of the physical infrastructure. In this model, because cloud providers run large data centers, users are able to quickly provision needed computational resources, including redundant resources. And because of the economies of scale cloud providers enjoy by operating such vast infrastructure, they are able to drive down the costs of services13 while also investing heavily in leading cybersecurity practices and technologies.
- Private cloud: In the private cloud model, computing resources are dedicated to a single firm instead of shared across firms, as is the case in the public cloud. The servers can be hosted on-premise in the firm’s own data center, or the service may also be provided by a third-party provider at their data center. Consumers of private cloud services plan and provide for their own dedicated resources instead of accessing a public cloud’s pooled resources. The infrastructure may be owned, managed, and operated by the firm or by a third-party provider or some combination of both. Private clouds allow firms to make use of various cloud-based tools and provide a testing ground for becoming more familiar with a cloud environment before possibly pivoting to a public cloud. However, potential drawbacks from a private cloud include the higher cost of renting dedicated servers or the responsibilities and risks that come with owning and managing infrastructure.14 In addition, firms are more limited in the amount of resources they can quickly tap into. To address some of these concerns, firms have begun the use of virtualization in the cloud to permit users to share physical hardware to drive down costs while isolating their data and systems to prevent unauthorized access between customers (known as virtual private cloud, or VPC).15 In the VPC approach, customers may face some limitations in features relative to traditional multi-tenant public cloud users but will still enjoy the benefits of scalability.
- Hybrid cloud: Hybrid cloud combines private and public cloud capabilities, typically in an inter- operable and orchestrated way. A firm may elect to pursue a private cloud environment but pair this with public cloud capabilities for a number of reasons. For one, firms may “burst” computational resources into the public cloud in the case of demand spikes. Alternatively, firms may elect to hold more sensitive data within a private environment while allowing other less sensitive data to be hosted on a public cloud. Or, workflows or certain data may lend themselves better to a private or public setting, and this may lead to firms pursuing a hybrid model. Another common use of hybrid cloud is as a transition strategy while moving on-premise (“on-prem”) private cloud systems and data to the public cloud. As outlined, the hybrid model provides firms greater flexibility for workflows and management of data. However, the management of multiple cloud arrangements can create greater complexity and diseconomies of scale from managing multiple environments and potentially lead to redundancies between systems.
- Multi-cloud: Firms may pursue a “multi-cloud” strategy in which an organization uses services from multiple public cloud providers. This can be distinguished from a hybrid approach, which generally refers to the pairing of a private and public option and furthermore doesn’t necessarily imply the deployment of multiple public cloud platforms. A multi-cloud strategy has the advantage of allowing a firm to mitigate dependencies upon a single cloud provider. It also provides a more flexible platform to assign workflows to the best-suited environment. For example, a firm may run their email system in one cloud platform and their account management application or trading system in a different cloud platform. Similar to the hybrid model, though there is the potential for greater complexity, diseconomies of scale and redundancies between systems. A multi-cloud environment may also increase the overall costs of computing.