2.3.4. Cloud Computing Deployment Model
(NIST, 2011) explained four cloud deployment models which are commonly adopted by the cloud providers and government agencies. These are Public cloud services, Private cloud service, Community cloud service and Hybrid Cloud service.
In the public cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Public cloud users are typically residential users and connect to the public internet through an internet service provider’s network. Google, Amazon, and Microsoft are examples of public cloud vendors who offer their services to the general public. Facebook and Gmail are also examples of services where data is stored in a public cloud. 15 Lists some of the advantages and drawbacks of the public cloud.
The advantages of public cloud computing include:
? Data availability and continuous uptime
? 24/7 technical expertise
? On-demand scalability
? Easy and inexpensive setup
? No wasted resources
Drawbacks of the public cloud:
? Data security
? Privacy
Private cloud service is a cloud deployment model in which the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. A private cloud is hosted in the data center of a company and provides its services only to users inside that company or its partners.
A private cloud provides more security than public clouds because in public cloud the user may not know where their data is stored or how it is backed up and whether unauthorized users can get access to it.
The major drawback of private cloud is its higher cost. When comparisons are made with a public cloud; the cost of purchasing equipment, software and staffing often results in higher costs to an organization having their own private cloud.
A community cloud falls between public and private clouds with respect to the target set of consumers. It is somewhat similar to a private cloud, but the infrastructure and computational resources are exclusive to two or more organizations 15. The cloud infrastructure is provisioned for exclusive used by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

The advantages 15 of community cloud include:
? The cost of setting up a communal cloud versus individual private cloud can be cheaper due to the division of costs among all participants.
? Management of the community cloud can be outsourced to a cloud provider. The advantage here is that the provider would be an impartial third party that is bound by contract and that has no preference to any of the clients involved other than what is contractually mandated.
? Tools residing in the community cloud can be used to leverage the information stored to serve consumers and the supply chain, such as return tracking and just-in-time production and distribution.
? Since it is managed by contract with an impartial third party or by one of or the combined expert of the whole community, it has the advantage of security and privacy over the public cloud.
Drawbacks of community cloud:
? Costs higher than public cloud.

Another cloud deployment model hybrid Cloud the infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). A hybrid cloud is typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms. In a hybrid cloud, an organization provides and manages some resources in-house and some out-house. For example, organizations that have their human resource (HR) and customer relationship management (CRM) data in a public cloud like Saleforces.com but have confidential data in their own private cloud 15. Hybrid clouds 15 offer the cost and scale benefits of public clouds, while also offering the security and control of private clouds. The advantages of the hybrid cloud include:
? Reduces capital expenses as part of the organization’s infrastructure, needs are outsourced to public cloud providers.
? Improves resource allocation for temporary projects at a vastly reduced cost because the use of public cloud removes the need for investments to carry out these projects.
? Helps optimize the infrastructure spending during different stages of the application lifecycle. Public clouds can be tapped for development and testing while private clouds can be used for production. More importantly, public clouds can be used to retire applications, which may be no longer needed because of the move to SaaS, at much lower costs than dedicated on-premise infrastructure.
? Offers both the controls available in a private cloud deployment along with the ability to rapidly scale using the public cloud.
? Supplies support for cloud-bursting.
? Provides drastic improvements in the overall organizational agility, because of the ability to leverage public clouds, leading to increased opportunities.

Drawbacks of the hybrid cloud are:
? As a hybrid cloud extends the IT perimeter outside the organizational boundaries, it opens up a larger surface area for attacks with a section of the hybrid cloud infrastructure under the control of the service provider.
? An easier approach to solving the identity, needs of hybrid clouds is to extend the existing enterprise identity and access management to the public clouds. This opens up concerns about how this approach will affect the enterprise identity and its impact on the organization’s security.
? When organizations manage complex hybrid cloud environments using a management tool, either as a part of the cloud platform or as a third-party tool, organizations should consider the security implications of using such a tool. For example, the management tool should be able to handle the identity and enforce security uniformly across hybrid cloud environments.
? A hybrid cloud makes the data flow from a private environment to a public cloud much easier. There are privacy and integrity concerns associated with such data movement because the privacy controls in the public cloud environment vary significantly from the private cloud.
? There are risks associated with the security policies spanning the hybrid cloud environment such as issues with how encryption keys are managed in a public cloud compared to a pure private cloud environment.