The 4 Most Common Cloud Deployment Models (Comparison Chart)

Public, private, hybrid, or multi-cloud—which cloud deployment model is right for your organization?


So, you are looking to learn more about the various cloud deployment models out there? Good! That is exactly what we will cover in this short post. If you have started to do some reading on the topic already, you may have noticed that there are many cloud deployment models out there. To narrow down the scope of this post, we will focus only on the four most popular cloud deployment model examples: public, private, hybrid and multi-cloud. We will cover each in detail, focusing on how they work and the perceived advantages and disadvantages associated with them. 

Why the Cloud?

Before we get started, we should take a moment to understand why many companies have already embraced the cloud. Can you think of any reasons why? What are some of the drivers responsible for this shift? In my opinion, it simply comes down to cost and availability. We can likely agree that over the past decade there has been a shift towards an “always available” mentality in both our work and social lives. As a result, consumers expect the same of companies and their products or services. This forces companies to rethink how they run complex environments that are always available—all while taking into consideration cost and privacy challenges. This is where “the cloud” comes in; it offers a variety of solutions and services that companies can leverage to address some of these challenges, while helping them remain competitive in their respective markets. 

Personally, I do not think it is a question of “if” a company will move to the cloud, but a question of “when”. Regardless, the focus of this post is actually on the “how”. In other words, understanding how a company leverages technology and services will largely dictate what cloud deployment model they opt to follow. On that note, let's take a closer look at the various cloud deployment models.

The Four Main Cloud Deployment Models

Public Cloud

To quickly baseline, let's take a moment to define public cloud. Public cloud is more or less a platform that leverages a standard cloud computing model to make storage, networking, virtual machines, etc. available to the public over the public internet. These are typically grouped as services and made available either for free or charged via subscription models or based on usage. Pretty straight forward, right? One could say that it is similar to using an on-demand car service (Uber or Lyft) to get somewhere. The service is on-demand, you are provided with details on cost and duration of your trip and an arrival time. There are no upfront costs such as vehicle lease or purchase, no vehicle maintenance involved, nor do you have to ensure you have the right size vehicle. You simply pay for what you use at the time of use. 

It’s important to highlight that public cloud deployment model services (compute, storage, processing, and network) are part of a “shared” infrastructure; typically designed with built-in redundancies to prevent data loss. For example, a cloud provider may automatically replicate customer data across several of their data centers, in order to make disaster recovery easy and fast for both. This is why data stored on a public cloud platform is generally thought of as safe from most hazards.  

Another characteristic of the public cloud deployment model is that customers will never see, know, or have physical access to the hardware running said services. They will simply know which geographic region they reside and operate in. While it might seem trivial, this is important for companies to keep in mind when deciding what workloads to migrate to a public cloud, since choosing to deploy them onto the wrong geographic region could have negative operational and compliance implications. For example, from an operational standpoint, deploying an application that leverages a service hosted in the wrong geographic region could significantly impact the application’s performance by introducing unnecessary latency for users located in a totally different geographic region. From a compliance standpoint, storing or transferring data in regions that are outside of the company’s country of origin could be subject to differing regulatory requirements.  

Lastly, public cloud providers typically offer different cloud service models, or “service types”. It is important to understand these, as they play a key role when selecting a cloud deployment model. Here are the three most common cloud service models:

  • Software as a service (SaaS): Software hosted in the cloud, by a 3rd party or cloud provider, that users can access over a web-browser via the internet. “SaaS” eliminates the need for individual users to install software on their personal computers. Examples include Google Apps and Microsoft O365.
  • Platform as a service (PaaS): A common/core platform that is hosted and maintained by the cloud provider. “PaaS” allows users to develop software without needing to maintain the underlying infrastructure. It often includes version control and compile services as well as computing and storage resources. 
  • Infrastructure as a service (IaaS): Referred to as the aggregate of services (network, compute, storage) that are hosted and maintained by the cloud provider. “IaaS” makes it simpler for companies to onboard to the cloud and is often more cost-efficient than purchasing and maintaining hardware on-site. An example would be Amazon’s AWS EC2 or Google’s Compute Engine.

With a better understanding of what public cloud is and the cloud service models that providers offer, let’s look at the advantages and disadvantages.  

Advantages: 

  • Maintenance-free: Cloud providers own and operate data centers and the infrastructure required to run all services. Cloud providers are also responsible for all management and maintenance of systems. 
  • Low Cost: Companies can generate significant savings by avoiding expenses associated with having to purchase, manage, and maintain on-premises hardware. Additionally, many services are initially free if consumption is below a given threshold. 
  • Availability & Scalability: Providers offer almost infinitely scalable services and platforms. Companies can focus on deploying and running applications without having to worry about physically procuring more compute power and/or storage capacity ahead of anticipated demand. 

Disadvantages: 

  • Misconfiguration & Customization: Companies often have security concerns when they consider running applications in public cloud environments. However, if implemented properly, public cloud environments can be as secure as the most effectively managed private cloud environment. Public cloud providers operate under a shared responsibility model. While it varies by provider, it generally means that the provider is responsible for the “security of the cloud” and customers are responsible for “security in the cloud”. In other words, customers are responsible for the security of the applications they deploy and configuration of the services they leverage to run them. 

Summary of the Public Cloud Deployment Model

A public cloud deployment model offers companies the ability to consume highly available and scalable services hosted on shared infrastructure. These services are on-demand, maintenance free, and low cost. This allows companies to grow at scale, while avoiding high up-front capital investments and operational costs. Amazon Web Services, Google Cloud Platform, and Microsoft Azure are all examples of public cloud providers.

Private Cloud

Let’s shift our attention to the next cloud deployment model on the list, “Private Cloud”. This one is often referred to as “internal” or “corporate cloud”. Unlike public cloud, it provides a dedicated environment and services to a single company. A private cloud can either be hosted on-premises (meaning on hardware running in a datacenter owned by that company) or at a datacenter owned and managed by a third party on behalf of the customer. As you might imagine, on-premise vs. third-party data centers have very different operational costs and responsibility models. The focus is typically on how services are made available to a single company, thus allowing logical and/or physical access only to authorized users.

Tying this back to our analogy, the private cloud deployment model is the equivalent to using your own vehicle to get somewhere. You have to purchase a vehicle or sign a lease agreement upfront. You are responsible for all vehicle maintenance and other associated costs, such as insurance. More importantly, not only do you have to drive yourself, but you also have to ensure that it is the right vehicle type (truck, SUV, sedan, etc) for the task at hand.  

From a technical standpoint, both private and public cloud generally leverage the same cloud computing principles and concepts. This means they both leverage virtualization, thus pooling network, storage and compute resources, and provide scalability and on-demand provisioning. In this sense, they are fairly similar.

Now that you have a better sense of what a private cloud is, let’s take a closer look at some of the advantages and disadvantages.

Advantages: 

  • Customization: when hosted on-premise, private clouds can be configured to stakeholder’s specific requirements to create the exact environment needed to run proprietary applications. If hosted by a third-party, there is no on-site setup of physical hardware, but it does require stakeholders to work with the third-party to set up and manage an environment for their exclusive use.
  • Visibility & Control: More direct control of the data. Companies that wish to keep a tighter grasp on physical security controls may adopt this model.
  • Hybrid integration: Integration between public and private clouds allows companies to extend private cloud resources onto the public cloud, benefiting applications that might need additional computing resources to maintain uptime. 

Disadvantages: 

  • Utilization: Companies are fully responsible for maximizing capacity utilization. Underutilization of purchased hardware or upfront cost associated with third-party hosted hardware can have a significant impact on a company’s operational costs.
  • Scalability: Primarily applicable to companies that are not leveraging hybrid integration and that do not have consistent computing demand. A private cloud may not be able to scale effectively when demand is in flux, costing more long-term, as additional computing resources will take extra time and money to procure than scaling a virtual machine or requesting additional resources from a public cloud provider.
  • Cost: Hardware required to run a private cloud on-premise can be very expensive, therefore requiring companies to make a substantial capital investment before seeing any value. Additionally, they require on-site cloud architects to set up, maintain, and manage. Hosted private clouds can help mitigate these costs substantially.

Summary of the Private Cloud Deployment Model 

In summary, when running a private cloud on-premises, companies have more visibility and control over the physical security controls and data storage. However, these come at the expense of substantial upfront capital expenditure and operating costs. Third party hosted private clouds potentially alleviate these, as companies will not be required to make upfront capital expenses for hardware, nor need to have on-site personnel to run and maintain the hardware.

Hybrid Cloud

As previously mentioned, the hybrid cloud deployment model makes use of both public and private clouds. The use of this model implies that communication between specific services in public and private clouds has been established, making it possible for a company to move workloads between them. A hybrid cloud model has all of the benefits of both public and private cloud, but potentially introduces an aggregate of the disadvantages associated with each, too. While it may enable companies to have better safeguards and controls for strategically important workloads and data in the most cost- and resource-effective way possible; it does bring operational complexity to a whole new level. The complexities of running a hybrid cloud environment long term may discourage companies from pursuing it as a permanent solution. Instead, companies typically leverage this model as a stop gap solution while working to permanently onboard their workloads into the public cloud. 

Back to our analogy, a hybrid cloud deployment model is comparable to renting a vehicle to go somewhere. A little more complex than getting an Uber or Lyft, or driving our own car; as it involves finding a rental company and vehicle, working out the pick-up and drop-off logistics, and understanding complex cost structures (daily charges, mile inclusion, insurance, etc).  However, for long trips, it could be more cost effective than driving a personal car or using Uber or Lyft; while providing the ability to get the right size vehicle for the task at hand.

Let’s take a closer look at the advantages and disadvantages associated with the hybrid cloud deployment model.  

Advantages: 

  • Control: Companies have increased control over their data, allowing stakeholders to choose from environments that best suit each individual use case.
  • Scalability: Most companies do not have a constant general computational use or demand. Computational demand could be seasonal or ad-hoc. Extending workloads to a public cloud allows for the ability to scale resources on-demand.  
  • Cost: A hybrid cloud deployment model can benefit companies that can't afford to invest in a private data center, as well as those that need to scale in a cost effective manner. Also, this model requires much less space on-premises compared to a strictly private model.  

Disadvantages: 

  • Operational complexity: There is a lack of tools that can manage both on-premise and public cloud resources, making operational tasks more complex and involved. Examples that come to mind are: asset management, patch management, active directory and DNS management.

Summary of the Hybrid Cloud Deployment Model

Control and scalability are at the top of the list of the advantages of implementing hybrid cloud deployment. In short, companies can still apply specific custom requirements for critical environments and rely on the near infinite scalability of a public cloud provider; thus reducing cost in general. However, this is only possible if a company has the ability to run and manage a complex environment.

Multi-Cloud

The last of our four most popular cloud deployment models is the multi-cloud deployment model. A multi-cloud deployment model refers to one that leverages cloud computing services (storage, computing, applications, etc.) from more than a single cloud provider.

By now you are probably thinking, “So what is the difference between hybrid and multi-cloud?” Well, a hybrid cloud refers to the pairing of both private and public clouds. As previously mentioned, it relies on a private datacenter (third-party hosted or on-premises), typically used to host sensitive data, while also leveraging the computing power/resources of a public cloud. A multi-cloud model can include the use of a hybrid cloud, but it relies on more than a single public cloud. For example, a company may choose to store sensitive data in their on-premise datacenter, leverage one public cloud provider for the “IaaS” services and a second public cloud provider for their “SaaS” services. 

Tying this back to our analogy, a multi-cloud deployment is the equivalent to combining the use of multiple car services in order to get somewhere you need to be. For example, if you are renting a vehicle to go on a long trip and you need to get to the pickup location, you could use a car service like Uber or Lyft to get you to the pickup location. 

Let’s now take a moment to review the benefits and disadvantages of this model.

Advantages:

  • Cost: Companies may not be able to obtain all of the computing services needed from a single vendor. Architecting solutions that are cloud provider agnostic could potentially benefit a company financially, as it would be easier to migrate their workloads to a different provider that offers better pricing. This helps reduce vendor lock-in. This is most applicable to companies running containerized workloads.
  • Choice: Allows stakeholders to select the best vendor based on payment flexibility, contracts, customizable capacity. This is particularly important as needs change, allowing companies to be nimble and allocate resources accordingly.
  • Reliability: Cloud provider agnostic architectures can benefit from solutions that leverage multiple cloud provider’s redundancies. This reduces the risk of a single point of failure making critical workloads unavailable. The likelihood of concurrent downtime across multiple cloud providers is extremely low. 

Disadvantages:

  • Governance: Multi-cloud environments can be perceived as complex when attempting to leverage traditional tools for governance and compliance. Example: a company’s asset management solution may not be able to provide integration with multiple cloud providers, making it difficult to create a single source of truth of all assets.  

Summary of the Multi-Cloud Deployment Model

In summary, a multi-cloud deployment model is all about choices. It provides companies with more options, making it easier for them to invest in their digital transformation journey without fear of single-provider vendor lock-in. Companies that run containerized workloads can easily attain cost reductions by deploying and running containers across a public cloud provider that offers the lowest cost.

Cloud Deployment Models Comparison

There are many things to take into consideration when selecting a cloud deployment model that is right for your company. The table below summarizes each of them, including the various advantages and disadvantages discussed above. Hopefully, this will help you narrow down your selection.

Cloud Deployment Type Summary Advantages Disadvantages
Public Cloud It offers companies the ability to consume highly available and scalable services hosted on shared infrastructure, on-demand, maintenance free, at a low cost. This allows companies to grow at scale, while avoiding high up-front capital investments and operational costs. Cloud providers own and operate data centers and are responsible for all management and maintenance of almost infinitely scalable services and platforms. Companies can avoid expenses associated with purchase, management and maintenance of on-premises hardware and focus on deploying and running applications. Operates under a shared responsibility model. Meaning, the provider is responsible for the “security of the cloud” and customers are responsible for “security in the cloud” (applications they deploy and configuration of services they leverage). Misconfigurations are typically the root cause of vulnerabilities and the reason why public clouds are perceived as less secure.
Private Cloud When running a private cloud on-premises, companies have more visibility and control over the physical security controls and data storage. However, these come at the expense of substantial upfront capital expenditure and operating costs. Third party hosted private clouds potentially alleviate these, as companies will not be required to make upfront capital expenses for hardware, nor need to have on-site personnel to run and maintain the hardware. Can be configured to specific requirements needed to run proprietary applications, allows for more direct control of data and integration between public and private clouds allows for extending computing resources to maintain application uptime. Substantial capital investment associated with underutilized purchased hardware or upfront cost associated with third-party hosted hardware. May not scale effectively when demand is in flux, costing more long-term.
Hybrid Cloud All of the benefits of both public and private cloud, but potentially an aggregate of the disadvantages associated with them, too. Companies can still apply specific custom requirements for critical environments and rely on the near infinite scalability of a public cloud provider; thus reducing cost in general. However, this is only possible if a company has the ability to run and manage a complex environment. Companies have increased control over their data, allowing stakeholders to choose environments for each use case. Extending workloads to a public cloud allows for the ability to scale resources on-demand, in a cost effective manner.  Lack of tools to manage both on-premise and public cloud resources, creating operational complexity long term.
Multi-Cloud A multi-cloud deployment model is all about choices. It provides companies with more options, making it easier for them to invest in the cloud without fear of single-provider vendor lock-in.  Solutions that are cloud provider agnostic could potentially benefit a company financially, as it would be easier to migrate their workloads to a different provider that offers better pricing. This helps reduce vendor lock-in and improve reliability. This is most applicable to companies running containerized workloads. Can be perceived as complex when attempting to leverage traditional tools for governance and compliance. Example, a company’s asset management solution may not be able to provide integration with multiple cloud providers, making it difficult to create a single source of truth of all assets. 

 

How to Choose a Cloud Deployment Model

Bottom line, each company will have to evaluate its own list of unique requirements before they can decide on the best cloud deployment model for them. It is important to point out that they don’t have to compromise and choose a single model. There are many companies out there that leverage a combination of models in order to derive different kinds of benefits. These companies tend to have something in common—they’re using containers and container tools like Kubernetes.  

Hopefully, you’ve learned some new information from this post that will help you determine what the right model, or combination of models, is for your company. 


Rafael Garrido, Solutions Architect, Critical Stack Team

Rafael Garrido is a Critical Stack Solutions Architect at Capital One. He is a continuous learner with a passion for innovation and emerging trends in security engineering and cloud architecture. Prior to joining Capital One, Rafael was the Director of Information Security for GE Appliances, where he led the strategic transformation of the organization to one that enabled business velocity; by developing reusable frameworks which integrated security controls and requirements. Rafael has over 20 years of combined experience in Information Security and Enterprise Architecture. He holds a MIS degree from the University of Central Connecticut. You can connect with him on LinkedIn at (https://www.linkedin.com/in/rafgarrido).


DISCLOSURE STATEMENT: © 2020 Capital One. Opinions are those of the individual author. Unless noted otherwise in this post, Capital One is not affiliated with, nor endorsed by, any of the companies mentioned. All trademarks and other intellectual property used or displayed are property of their respective owners.