In brief, public clouds utilize shared infrastructure, while private clouds utilize an organization’s own infrastructure.
Private clouds - sometimes referred to as a data center - reside on a company’s own infrastructure, typically firewall protected and physically secured. Mature organizations that have heavily invested in on-premises infrastructure frequently leverage that investment to create their private cloud. Although this offers a big financial benefit, private clouds must still be supported, managed, and eventually upgraded or replaced. The onus for security in a private cloud falls squarely on the organization’s shoulders, from physical security to encryption to network and cybersecurity. Since private clouds are typically owned by the organization, there is no sharing of infrastructure, no multitenancy issues, and zero latency for local applications and users.
Public clouds alleviate the responsibility for management of the infrastructure since they are by definition hosted by a public cloud provider such as AWS, Azure, or Google Cloud. In an infrastructure-as-a-service (IaaS) public cloud deployment, enterprise data and application code reside on the cloud service provider (CSP) servers, which can be shared in a multi-tenant environment with other organizations’ IT resources. Typical use cases for public clouds are serving as a backup and archival medium for enterprise data, supporting business continuity initiatives, offloading front-end web applications to lower latency for global users, and supporting ‘cloudbursting’ of IT resources: when demand for a particular application increases, additional instances of that application can be rapidly spun up at the CSP, eliminating the need for a business to over-provision its on-premises infrastructure to handle sudden spikes in demand. Although the physical security of hyperscale cloud providers such as AWS is unmatched, there is a shared responsibility model that requires organizations that subscribe to those cloud services to ensure their applications and network are secure, for example by monitoring packets for malware or providing encryption of data at rest and in motion.
There are several analogies for public and private cloud, such as:
- private cloud as a house, public cloud as an apartment
- private cloud as watching videos you own, public cloud as watching streaming video online.
At its simplest, a private cloud is a service that is completely controlled by a single organization and not shared with others, while a public cloud is a subscription service that is offered to any and all customers who want similar services. As with cable, one client’s information is not shared with others; in a public cloud each ‘tenant’s’ information is isolated from others.
There are four separate cloud deployment models: public clouds, private clouds, hybrid clouds, and multi-clouds. When planning cloud adoption, one of the first steps is to determine which deployment option is right for the organization. Deployment options are not cast in stone; an organization can switch from one to another as business and technology needs evolve.
What are public cloud deployments?
Public clouds are shared, on-demand infrastructure and resources delivered by a third-party provider. In a public cloud deployment, the organization utilizes one or more types of cloud services, such as software-as-a-service (SaaS), platform-as-a-service (PaaS) or IaaS, from public CSPs such as AWS or Azure, without relying to any degree on private cloud (on-premises) infrastructure.
Younger organizations said to be ‘born in the cloud’ utilize public cloud services from their inception and have no reliance on legacy infrastructure or outdated applications. A public cloud deployment option is also common among smaller companies that have neither the budget nor the manpower to staff an in-house data center or private cloud.
What are private cloud deployments?
A private cloud is dedicated, on-demand infrastructure and resources owned by the user organization. The terms private cloud and on-premises data center are often interchangeable.
Private cloud deployments are operated by the business, which is solely responsible for the infrastructure, applications, and security of the private cloud. Users may access private cloud resources over a private network or VPN; external users may access the organization’s IT resources via a web interface over the public network. Private clouds are often utilized to ensure compliance with regulatory or governance demands, to ensure security protocols are followed, or to leverage an existing investment in IT infrastructure. Large enterprises can operate their IT as if it were a cloud provider, offering IT services to line of business (LOB) departments, self-service provisioning for development teams, and charging back user departments for private cloud services rendered to the LOBs. Operating a large data center as a private cloud can deliver many benefits of a public cloud, especially for very large organizations.
What are hybrid cloud deployments?
A hybrid cloud is a combination of public cloud and private cloud services, working together to deliver consistency across operations and infrastructure. Hybrid cloud deployments always have public and private components by definition.
Hybrid cloud deployments serve many purposes and their usage continues to grow. Organizations that wish to migrate to a public cloud deployment often take a hybrid approach, first migrating those workloads that are the least ‘sticky’, for example front-end applications that do not process sensitive information that is stored in on-premises private cloud servers. Over time, an increasing number of applications can be migrated while legacy applications are refactored to take advantage of modern application development and deployment techniques.
Hybrid deployments also offer elasticity and scalability. For example, a retailer that experiences a sharp growth in accesses due to the holiday season can elastically scale its web servicing front end from private to public cloud servers by rapidly spinning up new instances. In this way, spikes in demand can be quickly satisfied without the need to procure extra infrastructure for the holiday rush, or to overprovision and have that infrastructure sit idle for most of the year.
What are multi-cloud deployments?
A multi-cloud is any combination of one or more public clouds and private clouds.
Many organizations rely on more than one public cloud provider. For example, they might use Azure for Exchange and database servers, AWS for hosting virtual machines and newly refactored code running in containers, and Google Cloud Platform for collaboration and office productivity tools.
In many cases, organizations ‘accidentally’ adopt a multi-cloud deployment when individual user departments procure their own cloud services without IT knowledge, or when a merger or acquisition brings a new provider into the enterprise cloud fold.
Also, since each CSP’s offerings vary, organizations can pick and choose from a menu of services provided by each provider to craft a computing strategy perfectly tailored to their needs. Finally, some organizations are using cloud arbitrage to match needs to the CSP offering the best deal at that point in time. By leveraging multi-cloud orchestration tools such as Kubernetes, these organizations can seamlessly migrate application workloads from one cloud provider to another and back again with absolutely no impact on user performance or uptime.
Finally, there can be a combination of deployment models. Organizations can be both multi-cloud and hybrid cloud if they utilize multiple CSPs as well as their own private cloud.
It can be, according to this study fielded by 451 Research, which surveyed 150 IT decision-makers and found 41 percent were operating their own private clouds at a lower cost than equivalent public cloud server pricing. Another 24 percent said the premium they paid for having a private cloud was less than 10 percent versus public cloud, a difference that was worth it in their opinions.
Organizations must remember that cost is not the primary driver for adopting or retaining private clouds. Often regulatory demands or financial governance will demand data be protected and kept in a certain geography. Other organizations demand the lowest possible latency; keeping all IT resources in a single on-premises data center reduces round-trip network times to the absolute minimum.
Respondents found the biggest savings and cost efficiencies for private clouds were realized by utilizing automation, capacity-planning tools, flexible licensing arrangements, and cost and budgetary management tools.
Every organization’s needs are different, and the study concluded that businesses should not rely on old assumptions and common misconceptions when choosing a cloud deployment model. As in all things IT, your mileage may vary.
Every organization’s data is stored separately from other companies when in the public cloud; this is one of the key concepts of multi-tenancy. However, major cloud provider agreements outline a shared responsibility model, where the CSP is responsible for physical security of the data and the subscriber is liable for the logical security (encryption, cybersecurity, authentication, identity and access management). In any case, there are several scenarios where private data might reside in a public cloud.
Data protection is a prime example. There are many cloud-based data protection providers who store a company’s backups and snapshots in the cloud. Some of these providers utilize their own cloud; others rely on inexpensive object storage services like Amazon S3. These backup providers are responsible for ensuring the security of the data entrusted to them.
When choosing a public cloud provider, organizations should ensure that the data stored with the CSP contractually belongs to the subscriber, not the CSP. Also, if the data is volatile and will be moved between public and private cloud, care should be taken to ensure that egress fees for exporting data from the CSP will not impact the cost effectiveness of utilizing a cloud provider in the first place.
Typically, enterprise databases and systems of record for large enterprises continue to reside largely in the private cloud. Subscribers should also ensure that their security policies can extend to cloud providers, that the cloud provider service level agreements (SLAs) meet the needs of the organization’s users, and that regulatory compliance issues such as PCI, HIPAA and GDPR are properly addressed.
Private clouds offer many advantages because they are ‘owned’ by a single entity, which gives them clear provenance and autonomy. Foremost is the high security offered by a private cloud. On-premises clouds can offer the highest degrees of privacy, since enterprise authentication can ensure access is granted only to those who need it. There is also the advantage of the lowest possible latency since resources are all co-located in the private cloud data center.
The top drawback to private cloud is the inherent cost required to procure, configure, maintain, and upgrade hardware and software. Training expenses can be another major bottom-line impact for private cloud deployments.