Weighing the Options: Public, Private, Hybrid and Multicloud
The public cloud offers flexibility and scalability when it comes to increasing computing power or hosting applications and data, with significantly less investment necessary than an on-premises data center. Contracting with a cloud service provider also offers physical security for computing and storage infrastructure, along with certain identity and access management features such as multifactor authentication, role-based access control and single sign-on. (Availability of these features will vary depending on the organization’s contract with the CSP.)
But organizations are largely on their own when it comes to ensuring HIPAA compliance and HITRUST certification in the public cloud. They also need to be mindful of tiered pricing models in CSP contracts, which can lead to unexpected cost increases. Finally, they need to consider what to host on the public cloud before moving ahead.
Private cloud combines the scalability of public cloud services with the security available from on-premises infrastructure. Whether organizations host a private cloud onsite, offsite or with a CSP, they maintain far more control over their hardware and software than in a public cloud environment. This control can include (but is not limited to) security and access policies, infrastructure customization and regulatory compliance.
The primary trade-off with private cloud is cost, as it requires infrastructure investments that are not needed for the public cloud. Private cloud architecture can also require the use of technology such as virtual machines or containers in which to run cloud services, as well as cloud management software to control infrastructure. This can improve flexibility and efficiency, but it requires specialized expertise that small or rural organizations may struggle to find.