A Little Privacy is Better Than None: Considering Private and Public Cloud Computing

Extracts from two informational papers highlighting key differences between private and public cloud infrastructures and why those differences may be important for the security of critical data and applications.

Paper #1

Cloud Computing Synopsis and Recommendations

Extract and Complete Paper by Lee Badger, Tim Grance, Robert Patt-Corner, and Jeff Voas for NIST

Defining the Cloud and Public, Private, and Hybrid Cloud Deployment Models

What is cloud computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

What is a private cloud? A private cloud consists of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units).  It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

What is a public cloud? A public cloud consists of a cloud infrastructure provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them.  It exists on the premises of the cloud provider.

What is a hybrid cloud? A hybrid cloud consists of a cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

The Complete Report (National Institute of Standards and Technology)


Source: Cloud Computing Synopsis and Recommendations, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-146 (2012).

Paper #2

The Benefits of Private Cloud Computing

Extract from Paper by Anthony Savvas for ITProPortal

If an organization has decided to move company processes, applications and data into the cloud, it first has to decide which infrastructure to use and how the apps and data will be hosted and distributed. Businesses that want to use cloud computing have a choice of using a private or public cloud, or a mixture of the two in the form of a “hybrid” cloud.

The main difference between private and public cloud infrastructures is that a private system is used only to house and distribute your data and applications, while a public model is used to serve the requirements of multiple organizations, not just yours.

Companies deciding which type of cloud to use first have to consider how critical the data and applications are to their business. They must also consider any regulatory or data protection requirements relevant to their organization. Organizations in financial services or health, for instance, must comply with strict rules regarding the control and security of their data, so they are more likely to choose a private cloud service.

One main advantage of private cloud infrastructures is that they are usually more secure than alternatives since the organization’s data is tightly secured and controlled on servers that no other company has access too.

Additional Reading