concept#Cloud#Architecture#Platform#Security

Cloud Deployment Model

Describes patterns for delivering IT resources in public, private, hybrid or community clouds and across SaaS/PaaS/IaaS service variants.

The cloud deployment model defines patterns for delivering IT resources across public, private, hybrid or community clouds and includes SaaS/PaaS/IaaS variants.

Maturity

Established

Cognitive loadMedium

Classification

ComplexityMedium
Impact areaTechnical
Decision typeArchitectural
Organizational maturityIntermediate

Technical context

Integrations

Identity providers (SAML, OIDC)CI/CD pipelines and infrastructure automationMonitoring and observability tools

Principles & goals

Principles

Choose a model based on cost, security, control and scalabilityConsider compliance and data residency earlyInclude operational capabilities and automation as decision criteria

Value stream stage

Discovery

Organizational level

Enterprise, Domain

Use cases & scenarios

Use cases

Scenarios

Compromises

Risks

Lack of operational capabilities leads to high operating costs
Wrong data locality can create legal and compliance risks
Unclear responsibilities between provider and customer

Best practices

Involve compliance and security owners early
Automate provisioning, security and monitoring
Ensure cost transparency via tagging and budget reporting

I/O & resources

Inputs

Application requirements and SLOs
Data classification and legal requirements
Budget constraints and existing infrastructure

Outputs

Recommended deployment model
Implications for operations and security
Migration and integration plan

Resources

Description

The cloud deployment model defines patterns for delivering IT resources across public, private, hybrid or community clouds and includes SaaS/PaaS/IaaS variants. It supports architectural decisions, governance, operations and compliance mapping. Decision criteria include cost, security, control, scalability and operational capabilities.

✔Benefits

Enables targeted trade-offs between flexibility and control
Supports compliance via deliberate data locality and isolation
Improves cost transparency through mapping to service models

✖Limitations

No silver bullet: each model carries specific restrictions
Hybrid solutions often increase complexity and integration effort
Vendor-specific services can limit portability

Trade-offs

Metrics

Total cost of ownership (TCO)
Measure of all direct and indirect costs over the lifecycle
Availability / uptime
Percentage of time the service is available
Mean time to recovery (MTTR)
Average time to recover after an outage

Examples & implementations

Global SaaS startup

Product initially ran entirely in the public cloud; later introduced regional private tenants for legal compliance.

Financial institution with private cloud

Critical core banking systems in a private cloud, less critical services operated as SaaS.

University hybrid architecture

Research and sensitive data on-premise, teaching platforms in the public cloud for scalability.

Implementation steps

Conduct requirements gathering and data classification

Evaluate deployment options and document trade-offs

Run a pilot in the selected model

Implement operational concepts, SLAs and disaster plans

⚠️ Technical debt & bottlenecks

Technical debt

Monolithic applications without cloud-native design
Manual provisioning and missing IaC artifacts
Insufficient observability and alerting configuration

Known bottlenecks

Network latencyData replicationIdentity and access integration

Misuse examples

Storing sensitive personal data in public cloud without encryption
Building a private cloud but not defining operational processes
Hybrid integration without clear network separation and authentication

Typical traps

Underestimating integration effort between clouds
Ignoring hidden recurring costs
Missing SLA alignment between provider and customer

Required skills

Cloud architecture and networkingSecurity and compliance expertiseOperational automation and infrastructure as code

Architectural drivers

Data sovereignty and complianceScalability and performance requirementsOperational automation and cost optimization

Constraints

• Regulatory requirements for data locality
• Existing legacy systems with limited portability
• Budget and personnel constraints for self-hosting