We've spoken briefly about the public and private deployment models. Now we'll talk about the other deployment models. We introduced the private cloud in step 4 and briefly mentioned the public cloud. We also need to mention the community and hybrid cloud deployment models.
Step 4 introduced the private on-premises cloud. This is a scalable service implemented with hardware inside your enterprise. A popular variant moves the hardware to a service provider. Your enterprise still has its own dedicated hardware; you might provide it yourself or you might run it from the service provider. In both cases, you need to over-allocate hardware to handle service peaks and longer-term traffic growth.
The public cloud is like running an office in a partly empty office building. Someone else owns the building, you can expand if needed, and other companies share the elevators, plumbing, and other infrastructure. Following that analogy, the community cloud is like moving into a building or office park focused on a particular industry. For example, health practices often share a building, and the building might include health-related infrastructure, if only, say, a pharmacy on the first floor or some similar service. A community cloud may include infrastructure to comply with industry-specific requirements. In the hybrid cloud, our application spans both public and private cloud services. We'll see examples later in this module.
Let's compare the trust boundaries for these deployment models. The on-premises private cloud is, of course, inside the enterprise's trust boundary. With private off-premises, the enterprise system resides on its own dedicated hardware, separate from other customers' systems. It's inside the cloud provider's trust boundary along with other cloud customers. In the public deployment model, our enterprise applications share processing hardware with other cloud consumers.
Public cloud providers will offer a variety of services to establish a trust boundary for our enterprise resources. A cloud consumer starts by building the trust boundary with access control. We establish permissions to control which processes have access to which information. This is hard to do correctly. Most cloud security breaches probably arise from faulty access-control settings. Major cloud vendors also provide cryptographic services to protect data during transmission and storage. Some cloud providers implement crypto key management systems to provide stronger control over data security. The most security-conscious cloud providers offer a hardware security module to physically protect the most important crypto keys used by security-sensitive customers. These prevent even administrators from gaining access to sensitive crypto keys.
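To make the point about faulty access-control settings concrete, here is an added example (not part of the original lecture) that audits a set of permission statements against an enterprise trust boundary. The policy format, principal names and resource paths are constructed for illustration and are not any cloud provider's real syntax.

```python
"""Audit constructed permission statements against an enterprise trust boundary."""
from fnmatch import fnmatchcase

# Constructed sample: the processes/roles that sit inside our trust boundary.
TRUSTED_PRINCIPALS = {"svc:billing", "svc:reports", "role:db-admin"}

# Constructed policy in a hypothetical format: who may do what to which data.
POLICY = [
    {"id": "s1", "effect": "allow", "principal": "svc:billing", "action": "read", "resource": "store/invoices/*"},
    {"id": "s2", "effect": "allow", "principal": "*", "action": "read", "resource": "store/invoices/*"},
    {"id": "s3", "effect": "allow", "principal": "svc:reports", "action": "*", "resource": "*"},
    {"id": "s4", "effect": "allow", "principal": "svc:partner-sync", "action": "write", "resource": "store/exports/*"},
    {"id": "s5", "effect": "deny", "principal": "*", "action": "delete", "resource": "store/invoices/*"},
]


def audit(policy, trusted):
    """Return (statement id, reason) for every grant that weakens the boundary."""
    findings = []
    for st in policy:
        if st["effect"] != "allow":
            continue  # deny statements only narrow access
        if st["principal"] == "*":
            findings.append((st["id"], "any principal allowed: grant crosses the trust boundary"))
        elif st["principal"] not in trusted:
            findings.append((st["id"], "principal is outside the trust boundary"))
        if st["action"] == "*" and st["resource"] == "*":
            findings.append((st["id"], "unrestricted action on every resource"))
    return findings


def is_allowed(policy, principal, action, resource):
    """Evaluate one request: default deny, and an explicit deny beats any allow."""
    request = {"principal": principal, "action": action, "resource": resource}
    allowed = False
    for st in policy:
        if all(fnmatchcase(value, st[field]) for field, value in request.items()):
            if st["effect"] == "deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    for stmt_id, reason in audit(POLICY, TRUSTED_PRINCIPALS):
        print(f"{stmt_id}: {reason}")
    # A process nobody listed can still read invoices because of statement s2.
    print(is_allowed(POLICY, "svc:unknown", "read", "store/invoices/jan.csv"))
```

Removing statement s2 is enough to put the unlisted process back outside the boundary, which is the kind of single-line setting the lecture has in mind.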