Module 5: Cloud Deployment Models
When the exam presents deployment model questions, it is testing your ability to match organizational requirements — compliance, control, cost, collaboration — to the right model. The answer is never "cloud is always public" or "private is always more secure."
The Four Deployment Models
NIST defines four cloud deployment models: public, private, hybrid, and community. The exam uses these to test governance, compliance, and risk management decisions — not just definitions.
Public Cloud
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization. The key characteristic: infrastructure is shared among multiple unrelated organizations.
The exam tests public cloud through compliance and data sovereignty questions. When a question describes an organization with strict data residency requirements, public cloud may not be appropriate unless the provider guarantees data stays in the required jurisdiction. However, most major CSPs now offer regional controls, so "public cloud cannot meet compliance" is often a distractor.
Private Cloud
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or a combination — and it may exist on or off premises.
Exam trap: Private cloud does NOT mean on-premises. A private cloud can be hosted by a third party. The defining feature is exclusive use by one organization, not physical location. Many candidates lose points by equating "private" with "on-prem."
Private cloud offers the most control but also the most operational burden. The exam may present scenarios where an organization wants cloud benefits (elasticity, self-service) with full control over the infrastructure. Private cloud is the appropriate answer when regulatory, contractual, or organizational requirements demand exclusive infrastructure.
Hybrid Cloud
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. The exam's definition is precise: hybrid means combining cloud deployment models, not simply combining cloud with traditional IT.
The exam tests hybrid cloud in scenarios involving data classification tiering. Example: an organization processes sensitive health data in a private cloud but uses public cloud for non-sensitive analytics workloads. The exam expects you to evaluate whether the data flow between environments maintains security controls.
Community Cloud
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (mission, security requirements, policy, compliance considerations). It may be managed by one or more community organizations, a third party, or a combination.
Community cloud is the least commonly encountered model in practice, but the exam tests it specifically. Look for scenarios involving multiple organizations with shared regulatory requirements (e.g., government agencies, healthcare providers subject to the same regulations). The key differentiator from public cloud: community cloud restricts access to a defined group with shared interests.
Choosing the Right Model — Exam Framework
When the exam presents a deployment model question, evaluate these factors:
- Regulatory requirements: Strict regulations may demand private or community cloud
- Data sensitivity: Highly classified data may require private cloud; mixed workloads suggest hybrid
- Cost constraints: Public cloud is typically the most cost-effective option for variable workloads
- Collaboration needs: Multiple organizations with shared requirements point to community cloud
- Control requirements: Need for full infrastructure control suggests private cloud
Multi-Cloud vs. Hybrid Cloud
The exam distinguishes between these. Multi-cloud uses multiple public cloud providers (e.g., AWS and Azure) for different workloads. Hybrid cloud combines different deployment models. A multi-cloud strategy using two public clouds is NOT hybrid cloud — it is multi-cloud. The exam tests this distinction directly.
Key Takeaways
Deployment models are about governance and requirements, not technology preferences. Private cloud means exclusive use, not on-premises. Hybrid cloud means combining deployment models, not combining cloud with traditional IT. Community cloud serves organizations with shared concerns. Match the model to the organizational requirement, and you will handle these questions confidently.