Public Cloud
NIST defines the public cloud as follows (see Figure 21-14):

Figure 21-14 Public Cloud Characteristics
“The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.”
These are cloud environments created with the goal of providing resources to external entities. We already mentioned the three big public clouds: AWS, Azure, and GCP. The infrastructure is owned and managed by an entity, and usually the resources are rented for profit. The public cloud providers build multiple data centers, in different geographical locations, with the goal of being close to the consumers, to achieve the needed reliability and redundancy and to be compliant with any local regulations or laws.
Another aspect, which has been the subject of heated discussions since the beginning, is the security of the information. Because the consumers are not in control of the underlying infrastructure, which also includes the storage systems, securing that infrastructure is the responsibility of the cloud providers. They must take the needed measures to protect the data when it resides on their storage infrastructure (data at rest) and also provide means for the customers to protect their data on the wire (data in transit). The way consumer data is handled is also subject to different laws and regulations. Even when the public cloud providers have taken the needed measures and have deployed solutions to take care of the customers’ data, there’s still the need for external proof. That’s why public cloud providers are subject to constant audit processes from external regulatory and standardization bodies.
Here are some of the benefits of using a public cloud:
- Self-service
- Pay-as-you-go billing
- No capital expenses
- Scalability
- Reliability and redundancy
- Huge variety of services
Drawbacks can include the following:
- Lack of full control of the infrastructure
- Lack of physical control
- Cost, which might be more than the cost of running a data center on premises
- Limitations imposed by certain laws and regulations