Public, private, and hybrid cloud

Introduction

When it comes to the cloud, there is no single possible configuration. Cloud services can be organized in different ways depending on where the infrastructures are located, who manages them, and how resources are shared.

The choice of model affects costs, control, security, and ease of management.

Main cloud models

Public cloud

With the public cloud, providers make their data centers available for Public Administrations to use without having to purchase or manage their own infrastructure. The organization activates services when needed and pays only for the time they are actually used.

This cloud model eliminates the need for large initial investments in hardware and allows internal resources to be focused on other objectives. Data center resources are shared among multiple customers, but each administration operates in a separate and protected environment.

It is particularly suitable when:

• ordinary data is managed;

• services need to scale quickly (for example, in case of usage peaks);

• it is useful to reduce direct management of infrastructure and technical skills.

Private cloud

The infrastructure is dedicated exclusively to one administration and can be located in the organization’s own data centers, at another administration or its in-house company, at the National Strategic Hub, or at an external provider. In all cases, resources are reserved and the administration maintains complete control. The organization directly manages security, maintenance, and system configuration.

This model ensures maximum control but requires owning and managing the infrastructure, with all the related costs and risks: purchasing equipment, specialized personnel, ongoing updates, and responsibility for service continuity.

It is particularly suitable when:

• critical or strategic data is handled;

• very specific security or isolation requirements are needed;

• the service has particular technological or regulatory constraints.

Hybrid cloud

This is a solution that combines public and private cloud, using resources from both. It can be useful if the organization already has a private infrastructure but needs additional capacity to handle sudden peaks in demand. In these cases, the public cloud is used to absorb the extra load without having to oversize the private infrastructure. However, maintaining this dual configuration means continuing to manage the private part with all the associated costs and complexities.

It is particularly suitable when:

• different types of data coexist;

• some workloads must remain on dedicated environments, while others can use the public cloud;

• there are load peaks, heavy processing, or scenarios of gradual integration to manage.

The recommended model for public administrations

The Cloud Italia Strategy Opens in a new tab guides the choice of cloud model based on the type of data and services to be managed.

According to this classification, administrations identify the most suitable model:

• public cloud for ordinary data (and for critical data with an additional layer of security);

• private or hybrid cloud for critical and/or strategic data.

Within this framework, qualified public cloud is, in most cases, the most efficient solution for public administrations because it allows them to:

• minimize the organization’s own infrastructure;

• simplify the management of maintenance, updates, and technical skills;

• facilitate the adoption of new solutions and services;

• ensure high standards of quality, security, and reliability.

To use cloud services that meet the required standards, administrations must choose from those qualified by the National Cybersecurity Agency (ACN). Qualification ensures that providers meet specific security, reliability, and regulatory compliance requirements. Qualified services can be found in the Catalog of Digital Infrastructures and Cloud Services Opens in a new tab , where they can be compared and the most suitable one for specific needs can be selected.

Private or hybrid cloud remains a valid choice in cases where the nature of the data or very specific requirements make a higher level of control or isolation necessary.