Public Cloud
How It Works
Public cloud infrastructure is owned and operated by a third-party provider — AWS, Microsoft Azure, Google Cloud Platform (GCP), or others — and shared across multiple tenants. You consume resources on demand, pay per use, and the provider handles hardware procurement, physical security, and base-level platform management.
The major providers operate regions across India. AWS has two Indian regions: Mumbai (ap-south-1) and Hyderabad (ap-south-2). Azure operates Central India (Pune), South India (Chennai), and West India (Jamnagar). GCP offers asia-south1 (Mumbai) and asia-south2 (Delhi). Region selection is critical for latency, data residency, and pricing — it is not an afterthought, particularly given India's evolving data localisation requirements.
When Public Cloud Is the Right Call
- Variable or unpredictable workloads: auto-scaling eliminates capacity planning guesswork. You pay for what you use, not what you might need.
- Startups and fast-iteration teams: zero upfront CapEx, instant provisioning. Ship first, optimise later — a model that aligns well with India's thriving startup ecosystem.
- Stateless or cloud-native applications: containerised microservices, serverless functions (AWS Lambda, Azure Functions, Cloud Run), and managed databases (RDS, Cloud SQL) are built for public cloud primitives.
- Dev/test environments: spin up, run tests, tear down. Reserved capacity makes no sense here.
Where Public Cloud Falls Short
- Data residency constraints: under India's DPDPA 2023, the central government can restrict cross-border transfers of personal data to notified countries. RBI mandates that payment system data must be stored only in India. SEBI's cloud framework requires regulated entities to ensure data residency within India for critical data. Using an international provider's Indian region is generally acceptable, but organisations must implement architectural controls to prevent data egress to non-approved jurisdictions and maintain audit trails.
- Steady-state, high-utilisation workloads: a VM running at 80%+ utilisation 24/7 for years is almost always cheaper on-premises or in private cloud. Reserved Instances and Savings Plans (typically offering 30–60% savings over on-demand pricing, per AWS's own documentation) close the gap but don't eliminate it for truly static loads. For Indian enterprises, this cost differential can be significant — a workload costing ₹50 lakh per annum on on-demand public cloud may run for ₹20–25 lakh on well-utilised private infrastructure.
- Highly regulated environments: RBI's framework on outsourcing of IT services and SEBI's cloud adoption guidelines require financial services firms to maintain specific levels of control, audit access, and data localisation that logical tenancy separation in public cloud may not fully satisfy without additional architectural measures.
Private Cloud
How It Works
Private cloud dedicates infrastructure to a single organisation. It can run on-premises in your own data centre or be hosted by a third party (hosted private cloud). The defining characteristic is single-tenancy and direct control over the infrastructure stack.
Modern private clouds use the same orchestration technologies as public providers. VMware Cloud Foundation, OpenStack, Nutanix, and Azure Stack HCI provide IaaS-like consumption models internally. Kubernetes distributions like Red Hat OpenShift or Rancher add container orchestration on top.
When Private Cloud Makes Sense
- Strict compliance regimes: financial institutions under RBI regulations, SEBI-regulated entities, and government organisations bound by MeitY guidelines often face requirements demanding verifiable physical isolation and data localisation. Healthcare organisations handling sensitive patient data under India's evolving digital health frameworks also benefit from private infrastructure to simplify compliance accountability.
- Predictable, high-density compute: HPC workloads, large-scale batch processing, or ML training on dedicated GPU clusters can be more cost-effective on owned hardware when utilisation stays high. India's growing AI and analytics ecosystem makes this a relevant consideration for many enterprises.
- Legacy application dependencies: mainframe-adjacent workloads or applications with hardcoded IP dependencies, non-TCP/IP protocols, or licensing tied to physical cores often cannot move to public cloud without a rewrite — a common scenario across Indian BFSI and manufacturing enterprises with decades-old core systems.
The Real Costs People Underestimate
Private cloud is not "free because we already own the servers." Opsio's Cloud FinOps engagements consistently reveal hidden costs: facility power and cooling (a significant expense given Indian climate conditions), hardware refresh cycles (typically 3–5 years), staff to manage firmware, patches, and physical security, plus the opportunity cost of engineers doing undifferentiated heavy lifting instead of building product features.
The honest maths: if your utilisation is below 60% on average, you're likely overpaying for private cloud. If it's consistently above 75%, you're likely saving money compared to public cloud on-demand pricing — though you need to factor in the agility cost of procurement lead times, which can be particularly lengthy in India due to import cycles and vendor timelines.
Hybrid Cloud
How It Works
Hybrid cloud connects private infrastructure (on-premises or hosted) with one or more public cloud environments through orchestration, networking, and often shared identity layers. The key differentiator from simply using both is integration: workloads, data, and management planes operate across environments in a coordinated way.
Core enabling technologies include:
| Technology | Purpose | Examples |
|---|---|---|
| Hybrid connectivity | Private network links between on-prem and cloud | AWS Direct Connect, Azure ExpressRoute, GCP Cloud Interconnect |
| Hybrid compute | Run cloud services on-premises | AWS Outposts, Azure Arc, Google Anthos |
| Identity federation | Single identity across environments | Azure AD (Entra ID), Okta, AWS IAM Identity Center |
| Container orchestration | Workload portability | Kubernetes (EKS, AKS, GKE) with consistent manifests |
| Monitoring and observability | Unified visibility | Datadog, Dynatrace, Grafana Cloud |
Why Hybrid Dominates Enterprise Adoption
According to Flexera's State of the Cloud, hybrid has consistently been the dominant enterprise strategy for several consecutive years. The reasons are practical, not theoretical:
1. Migration is gradual: no enterprise lifts everything to public cloud in one step. Hybrid is the natural transitional architecture during any Cloud Migration programme.
2. Workload placement flexibility: sensitive data stays on private infrastructure while customer-facing applications scale on public cloud. An Indian bank, for instance, might keep core banking data and payment system records in an on-premises data centre to comply with RBI data localisation mandates while running customer-facing mobile banking APIs on AWS ap-south-1 (Mumbai).
3. Burst capacity: run baseline compute on-premises and burst to public cloud during peaks — festive season e-commerce traffic (Diwali, Republic Day sales), quarter-end batch processing, or seasonal demand surges.
4. DR and resilience: use public cloud as a disaster recovery target for on-premises workloads. AWS Elastic Disaster Recovery, Azure Site Recovery, and similar services make this operationally viable. Indian enterprises can leverage the Mumbai and Hyderabad regions for geographically distributed DR within the country.
Hybrid Cloud Operational Challenges
Hybrid is not "the best of both worlds" without effort. From Opsio's 24/7 NOC operations managing hybrid environments, the recurring pain points are:
- Network complexity: latency-sensitive workloads split across environments create debugging nightmares. If your database is on-prem and your application is in public cloud, every query traverses the interconnect. Measure this before architecting it — particularly relevant in India where cross-region network latency can vary significantly.
- Inconsistent security posture: firewall rules on-prem, security groups in AWS, NSGs in Azure — three different policy languages describing the same intent. Drift is inevitable without Infrastructure as Code (Terraform, Pulumi) and continuous policy validation (OPA, Checkov).
- Monitoring fragmentation: an alert fires in CloudWatch, another in your on-prem Zabbix instance, and a third in Datadog. Without a unified observability layer, your SOC team wastes time correlating across consoles instead of resolving incidents.
Multi-Cloud
Multi-Cloud vs. Hybrid: A Necessary Distinction
These terms are often used interchangeably. They shouldn't be. Hybrid means mixing private and public infrastructure. Multi-cloud means using two or more public cloud providers. An organisation using AWS and Azure is multi-cloud. An organisation using AWS and an on-premises VMware cluster is hybrid. An organisation doing both is hybrid multi-cloud — and managing it is the most operationally complex scenario in cloud infrastructure.
Deliberate vs. Accidental Multi-Cloud
This distinction matters more than any architectural diagram. Most multi-cloud environments are accidental: the product team chose AWS, the data team chose GCP for BigQuery, and the company acquired a firm running everything on Azure. Nobody planned it; it just happened. This is an especially common pattern among large Indian conglomerates with multiple business units operating semi-autonomously.
Deliberate multi-cloud has specific justifications:
- Regulatory requirements: SEBI's cloud framework and RBI circulars encourage regulated entities to evaluate concentration risk — not depending on a single cloud provider for critical services. This is a practical driver for multi-cloud in the Indian BFSI sector.
- Best-of-breed services: GCP BigQuery for analytics, AWS for general compute, Azure for Microsoft 365 integration and Active Directory. This is defensible when the cost of cross-cloud networking and operational overhead is worth the service-level advantage.
- Geographic coverage and redundancy: leveraging multiple providers' Indian regions (AWS Mumbai and Hyderabad, Azure Central India, GCP Mumbai and Delhi) provides resilience options. For organisations with global operations, no single provider has regions everywhere — an organisation needing local compute in a country where only one provider has a region will be multi-cloud by necessity.
The Operational Tax of Multi-Cloud
Running Opsio's Managed DevOps across multi-cloud estates, we see the operational tax clearly:
- IAM divergence: AWS IAM, Azure Entra ID, and GCP IAM use different permission models, different trust chain mechanisms, and different audit log formats. Building a unified access governance layer requires significant tooling investment.
- Cost visibility fragmentation: AWS Cost Explorer, Azure Cost Management, and GCP Billing Export each emit data in different schemas. Without a Cloud FinOps platform (Apptio Cloudability, Vantage, or similar), you cannot answer "how much does this application cost to run?" across providers.
- Skills dilution: each cloud provider has thousands of services. Deep expertise in all three is rare — and particularly challenging in India's competitive talent market where skilled cloud engineers are in high demand. Teams spread thin across providers master none.
The honest recommendation: don't pursue multi-cloud as a strategy. Pursue it only when you have a specific, defensible reason for each additional provider, and budget for the operational overhead it creates.
Community Cloud
Community cloud — shared infrastructure among organisations with common requirements — is the least discussed model but remains relevant in specific sectors. Examples include government community clouds (MeghRaj / GI Cloud in India, NIC's cloud infrastructure), research communities (National Knowledge Network), and industry consortia sharing compliant infrastructure.
In practice, community cloud is architecturally similar to a private cloud with shared tenancy among vetted organisations. Its relevance is narrow but real: if you're a government department using NIC's cloud services, or a public sector bank sharing infrastructure through a common consortium, you're on community cloud. MeitY's GI Cloud initiative specifically promotes this model for government workloads.
Cloud Deployment Models Comparison
| Dimension | Public Cloud | Private Cloud | Hybrid Cloud | Multi-Cloud |
|---|---|---|---|---|
| Ownership | Provider-owned, shared | Organisation-owned or hosted | Mixed | Multiple providers |
| CapEx | None (OpEx only) | High (hardware, facility) | Mixed | None per provider, high aggregate |
| Scalability | Near-infinite | Limited by capacity | Burst to public | Near-infinite per provider |
| Control | Limited (provider APIs) | Full | Split | Limited per provider |
| Compliance simplicity | Moderate (shared responsibility) | High (you own the stack) | Complex (multiple scopes) | Most complex |
| Operational complexity | Low to moderate | Moderate to high | High | Highest |
| Best for | Variable workloads, startups | Regulated, steady-state | Most enterprises | Specific best-of-breed needs |
| Vendor lock-in risk | High (single provider) | Low (you own it) | Moderate | Low (by design) |
How to Choose the Right Cloud Deployment Model
Choosing a deployment model is a workload-level decision, not an organisation-level one. Different applications within the same enterprise will legitimately belong in different models. Here is the decision framework Opsio applies:
Step 1: Classify Your Workloads
For each workload, assess:
- Data sensitivity: does it process personal data under DPDPA 2023, financial data under RBI or SEBI regulations, or health data under emerging digital health frameworks? BFSI workloads in India face particularly stringent data localisation mandates — payment system data must remain within India per RBI's directive.
- Performance profile: latency-sensitive (needs to be close to users or other systems), throughput-heavy (needs high bandwidth), or compute-intensive (needs specific hardware like GPUs)?
- Demand variability: steady-state, seasonal peaks (festive season, financial year-end), or unpredictable spikes?
- Integration dependencies: does this workload depend on on-premises systems (databases, mainframes, legacy APIs)? Many Indian enterprises still run core systems on legacy infrastructure that cannot be easily decoupled.
Step 2: Map Constraints
- Regulatory: DPDPA 2023 cross-border transfer restrictions, RBI data localisation mandates for payment data, SEBI cloud adoption guidelines for market intermediaries, MeitY guidelines for government workloads, and sector-specific rules (IRDAI for insurance, TRAI for telecom).
- Financial: CapEx budget availability, existing hardware with remaining useful life, committed spend agreements with providers. Factor in INR exchange rate fluctuations when budgeting for cloud services billed in USD.
- Organisational: team skills, existing tooling, vendor relationships. India's strong IT services ecosystem means managed services and system integrators can supplement internal capabilities.
Step 3: Select Per Workload, Then Aggregate
Once each workload has a target model, the aggregate determines your organisational model. If every workload targets public cloud, you're public-cloud-only. If workloads span private and public, you're hybrid. If they span multiple public providers, you're multi-cloud.
Step 4: Reassess Periodically
Cloud deployment is not a set-and-forget decision. Workload characteristics change. Pricing changes. Regulations change — and India's regulatory landscape for cloud computing is evolving rapidly. Opsio recommends a formal reassessment at minimum annually, aligned with contract renewal cycles, compliance audit schedules, and regulatory updates from RBI, SEBI, and MeitY.
India Compliance Considerations
DPDPA 2023
India's Digital Personal Data Protection Act empowers the central government to restrict cross-border transfers of personal data to notified countries. While the list of restricted jurisdictions is yet to be fully notified at the time of writing, organisations deploying in India should ensure primary data processing occurs in Indian regions (AWS ap-south-1 Mumbai, AWS ap-south-2 Hyderabad, Azure Central India, GCP asia-south1 Mumbai) with architectural controls preventing data egress to non-approved jurisdictions. Deployment model choices must bake in these controls at the infrastructure level, not rely solely on policy documents.
RBI Cloud Circulars for BFSI
RBI's framework on outsourcing of IT services, along with its directives on storage of payment system data, impose specific requirements on banks, NBFCs, and payment aggregators:
- Data localisation: payment system data (including full end-to-end transaction data, card data, and customer data) must be stored only in India. This has direct implications on deployment model — public cloud is viable only when using Indian regions with verified data residency controls.
- Audit and inspection rights: regulated entities must ensure RBI and its auditors have unrestricted access to inspect cloud provider facilities. This requirement must be contractually established and architecturally demonstrable.
- Business continuity: DR sites must also be within India unless explicitly permitted otherwise, making the dual-region availability of AWS (Mumbai + Hyderabad) and Azure (Central India + South India) particularly valuable.
SEBI Cloud Guidelines
SEBI's framework for cloud adoption by regulated entities (stock exchanges, depositories, clearing corporations, and market intermediaries) mandates:
- Risk assessment before cloud adoption
- Data residency within India for critical and sensitive data
- Concentration risk evaluation — a practical driver for multi-cloud strategies in the capital markets sector
- Exit strategy and portability provisions to mitigate vendor lock-in
MeitY Guidelines
For government workloads, MeitY's GI Cloud (MeghRaj) initiative promotes the use of empanelled cloud service providers. Government entities must use CSPs empanelled under MeitY's cloud empanelment framework, which can constrain provider choices and, consequently, deployment model options.
What Opsio Sees: Operational Patterns Across Deployment Models
Running 24/7 SOC and NOC operations across customer environments spanning all deployment models, several patterns emerge consistently:
Hybrid environments generate the most incidents from network boundary failures. The interconnect between on-premises and public cloud (Direct Connect, ExpressRoute) is a single point of failure that teams undermonitor. When it degrades, symptoms appear as application slowness rather than network failure, causing misdirected troubleshooting.
Multi-cloud cost attribution is the top FinOps challenge. Organisations running workloads across two or more providers consistently struggle to answer basic questions like "what does this application cost per month?" without dedicated tooling and tagging discipline. This is compounded in India by USD-to-INR fluctuations that make month-on-month cost comparisons misleading without currency normalisation.
Private cloud environments drift fastest from security baselines. Public cloud providers continuously update default configurations (encryption-at-rest defaults, TLS minimums, public-access blocks). Private cloud infrastructure retains whatever configuration was set at deployment unless actively maintained.
Public-cloud-only organisations are fastest to adopt new capabilities but also accumulate the most unused resources. The ease of provisioning creates sprawl. Flexera's State of the Cloud has consistently identified cloud waste as a top concern, and pure public-cloud environments are where Opsio's FinOps practice finds the most optimisation opportunity.
Frequently Asked Questions
What are the 4 cloud deployment models?
The four models defined by NIST SP 800-145 are public cloud (shared infrastructure operated by a provider like AWS, Azure, or GCP), private cloud (dedicated infrastructure for a single organisation), hybrid cloud (workloads spanning both public and private environments with orchestration between them), and community cloud (shared infrastructure among organisations with common requirements, such as government agencies). Multi-cloud — using multiple public providers — is often treated as a fifth model in practice.
Which cloud deployment model is most commonly used?
Hybrid cloud is the most commonly adopted model among enterprises. Flexera's State of the Cloud report has consistently found that a majority of enterprises pursue a hybrid strategy, combining on-premises or private cloud resources with one or more public clouds. Pure public-cloud-only deployments are more common among startups and smaller organisations that lack legacy infrastructure requiring on-premises integration.
What is IaaS, PaaS, and SaaS and how do they relate to deployment models?
IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) are cloud service models — they describe the abstraction layer and what the provider manages versus what you manage. Deployment models describe where and how infrastructure is hosted. The two are independent: you can run IaaS on a private cloud, consume PaaS on a public cloud, or use SaaS delivered through a hybrid architecture. Choosing a deployment model does not lock you into a specific service model.
Is AWS a public, private, or hybrid cloud?
AWS is primarily a public cloud provider, but it supports all deployment models. AWS Outposts brings AWS-managed infrastructure into your on-premises data centre for private or hybrid deployments. AWS GovCloud provides isolated regions for US government workloads, while AWS's Indian regions — ap-south-1 (Mumbai) and ap-south-2 (Hyderabad) — serve Indian data residency needs. AWS Local Zones extend compute closer to end users. Most organisations use AWS as the public cloud component of a broader hybrid or multi-cloud strategy.
Is hybrid cloud cheaper than private cloud?
Cost depends entirely on the workload profile. Hybrid cloud typically reduces costs for variable workloads because you can burst to public cloud instead of over-provisioning private infrastructure for peak demand. However, hybrid introduces networking costs (interconnect fees, data transfer charges), integration complexity, and additional tooling overhead. For steady-state workloads with consistently high utilisation, private cloud can be more cost-effective per compute unit. The rigorous approach: model TCO for your specific workloads across both models before deciding.
