There are several deployment models for a cloud which all imply different levels of security (Source: NIST definition of cloud computing):

  • Private cloud: Private cloud services are owned by an enterprise or organisation. A Private cloud can be built on existing on-premises or off-premises computing infrastructure. Private cloud installations are in part motivated by users’ desire to retain control over the infrastructure and avoid losing control of information security.

  • Public cloud: A public cloud provides computing services that are publicly accessible (with a login, of course) over the Internet.

  • Hybrid cloud: A Hybrid cloud is a mixed deployment model, employing both private and public infrastructures. A hybrid cloud is mostly used for outsourcing processes and/or data to a public cloud while maintaining sensitive data inside a local private cloud.

  • Community cloud: Multiple organisations with common concerns, such as security requirements, policy, interests, and/or missions, may share cloud infrastructures across administrative domains to form a community cloud.

The private cloud is owned by a single organization and public clouds are shared on a larger scale.

Private and community clouds are regarded as more secure because they provide more control for the organisation(s). However setting up a private cloud infrastructure comes at a significant expense. A public cloud is instead more flexible and is often a more affordable investment for end users, however control of the cloud infrastructure is in the hands of the cloud provider, which can be seen as a security issue. Therefore, it is of high priority to public cloud providers to build and maintain strong management of secure services. Many small businesses cannot afford such efforts and therefore it is often safer for them to use the cloud services.

The NeCTAR Research Cloud can be characterized as a community cloud.