By Roger Nolan, Chief Technology Officer, OnApp

Public cloud – a service provider gives you access to IT resources over the public internet. You share the resources of the cloud with other users. Your data and applications are independent of other people’s, so while Company A and Company B might share the same physical server or disk, A and B only see their own virtual resources.

Private cloud - where the physical servers and storage devices that make up the cloud are available to specific users only. In this case, company A and company B’s data live on separate physical servers and storage devices. A private cloud could be run by an external service provider or your own IT department.

Hybrid cloud – there are a few different definitions of hybrid cloud, but most people consider it to be where a company runs a private cloud in tandem with a public cloud service. The public cloud might be used as a kind of overspill resource, or the workload might be split between public and private according to the type of application and data involved.

So how do you choose between them? The first thing to consider is whether you should be using an external provider, cloudy or otherwise. For very sensitive data and ‘mission-critical’ applications it may still be preferable to host and manage them in-house (indeed, you may be required to do so from a legal and regulatory point of view.) That might suit an in-house private cloud, depending on the kind of workload you’re talking about, or even traditional dedicated servers. The decision here is more about the business need to maintain total control over IT, versus the cost of building, running, maintaining and managing it in-house.

The next step to consider would be using a private cloud provider, and some kind of ‘virtual data center’ service. Security will be an important consideration, but there is nothing inherently less secure about a properly-designed private cloud service. The hardware lives in a data center, just as it does if you run your own IT infrastructure, and as long as you’ve done your due diligence on your provider’s security credentials, you can reap the benefits of cloud scalability and resilience without the time and expense of managing the infrastructure yourself.

Finally, there is public cloud, which suits a huge range of applications and offers the greatest choice of provider, from your local hosting company to giants like Amazon. Here too there are probably fewer security issues than you might have thought. At the end of the pipe there are still data centers that need effective physical and electronic security measures in place, just like your own: in other words, there is nothing inherently insecure about public cloud, either, if it is designed and managed properly.
Consider an application like Salesforce.com, for example, that’s used by companies all over the world. That’s Software as a Service running on public cloud infrastructure - countless companies sharing the same boxes and disks for their customer, sales and marketing data, and just getting on with their business.

Finally, a word about pricing. Cloud services are often priced like a utility (per GB per hour, for example) but they don’t have to be: for many business users the flexibility of per-hour pricing isn’t as important as having predictable costs for IT. Shop around and you’ll find plenty of providers willing to offer public and private cloud services for a fixed monthly or even daily price, usually with the option to scale up on demand, if required.