Cloud computing is a delivery model that provides highly scalable, on-demand access to computer resources, including CPUs, storage, networking and other hosted software services.
Clouds can be public or private, though public clouds are more commonly associated with cloud computing. Public cloud platforms, such as AWS and Microsoft Azure, pool resources in data centers often distributed around the globe, and users access them via the internet. Resources are provided to customers through metered services, and the cloud vendor is responsible for varying degrees of back-end maintenance
Private clouds are walled-off environments hosted in a corporate data center or a colocation facility. They lack the massive scale of public clouds. But they do have some elasticity, and a company's developers and administrators can still use self-service portals to access resources. In theory, private clouds provide greater control and security, though it's up to a company's IT team to ensure that happens.
Public clouds and private clouds can be linked to create a hybrid cloud, or two or more public clouds can be connected to create a multi-cloud architecture.
Broadly speaking, there are also three tiers of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). IaaS pertains to foundational building blocks, such as compute, network and storage. It provides the most flexibility for application development, but it also requires the most overhead. PaaS abstracts those lower-level elements and provides sandbox environments for app developers. The least hands-on cloud model, SaaS, consists of licensed software delivered as web apps.
Cloud computing lowers IT operational costs because the cloud provider manages the underlying infrastructure, including hardware and software. Those managed components are typically more reliable and secure than the standard corporate data center. These advantages free IT teams to focus on work that more directly benefits the business.
The cloud is also global, convenient, immensely scalable and easily accessible, all of which accelerate the time to create and deploy software applications. It opens organizations to a host of newer services that enable the most popular trends in application architectures and uses, including microservices, containers, serverless computing, machine learning, large-scale data analytics, IoT and more.
While IT teams lower their Capex with cloud computing because they're not buying gear, they also add significant Opex to their budgets -- often enough to offset most or all their operational savings. Complex pricing and security models can also lead to major problems if IT teams are unable to adapt.
IT teams often must learn new skills or hire employees to navigate the cloud, and there are limits in the flexibility and control over certain cloud resources.
The clouds themselves are generally more secure than most private data centers since companies such as Amazon and Google can hire talented engineers and automate many of their practices. Cloud infrastructure providers also offer tools and architectural options to isolate workloads, encrypt data and detect potential threats.
However, public clouds operate on a shared responsibility model, where the user secures the data and applications hosted on the cloud. This division of security responsibilities varies based on the tier of cloud computing.
The process to secure a cloud environment is different from more traditional data center practices, so cloud adoption requires a learning curve for IT teams. Unauthorized access to resources is the most common cloud security threat; many high-profile exposures of sensitive data resulted from misconfigurations.
Organizations also must be mindful of data residency requirements and other governance restrictions since they don't have precise control over the location of the servers that host their data in the cloud.