Cloud is the IT structure of the future due to its scalability, flexibility, and cost-efficiency. But does the option of a public cloud, private cloud, or even a mix of these environments work for every organization? The simple answer is no. Companies in highly regulated industries such as financial services, health care, education, and government are often stymied by governance, risk, and compliance concerns related to data stored and accessed in the cloud. But all hope is not lost — there is the fourth option of the community cloud.

A community cloud is the lesser known version of cloud infrastructure, although it is relatively popular amongst particular industries. As defined by National Institute of Standards and Technology (NIST), community cloud is an “infrastructure [that] is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It can be owned, managed, and operated by one or more of the organizations, in the community, a third party, or some combination of them, and it may exist on or off premises.” In essence, a community cloud is a subset of the public cloud, but tailored for a particular industry and may be offered as Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS). Since the community cloud is personalized, it is adapted to fit the exact performance, security, and compliance requirements of the industry or community it serves.

This form of cloud has been around for several years as groups of companies or legal entities that share a similar risk profile have banded together to secure computing resources in a multi-tenant environment. Whether it is a group of hospitals or a consortium of financial services firms working together, the community can be comprised of organizations that are related to each other in some way such as the same industry, parent company, holding company or association.


Is There a Need for This Fourth Cloud Option?

Until now, the majority of cloud discussions focused on private, public, or hybrid platforms. Very little has been written on the community cloud and its role within particular industries. Even though companies must adhere to strict security and data governance policies that cannot be met in the public cloud, this should not exclude them from using cloud infrastructure. Rather, community cloud answers their needs and can be found in these industries:

  • Health care. Institutions are under strict guidance from the Health Insurance Portability and Accountability Act (HIPAA), which negates the use of public cloud use due to security concerns around personally identifiable information. Security breaches and data leaks are far too common in the news raising concerns over public or hybrid cloud use. On the other side, health care hospitals and agencies can more easily share patient information and research results in the community cloud.

  • Government agencies. Sensitive information requires strict data governance and access. Several countries, especially in Europe, need information to reside within the country with specialized security requirements including at-rest encryption, encryption keys maintained outside of the cloud provider’s team, or physical destruction of hard drives. A single government agency could administer a community cloud for several offices, sub-agencies, and departments.

  • Financial services firms. Trading firms and other companies within this industry rely heavily on analytics and high data volumes that require high-performance clustering and low latency not found in public cloud environments. Community clouds address these needs much better than other cloud infrastructures.

  • Education. Colleges and universities require a scalable environment through the continuous growth of student numbers; however, budgetary concerns around capital expenditures are always an issue. Community clouds help them leverage group buying power, reduce uncontrolled purchase of cloud and shadow IT deployments, and re-use innovation throughout their organization.

As with each cloud infrastructure platform, there are benefits and drawbacks to community cloud. Some firms may worry that their competitors are using and sharing the same resources, and there may be a small likelihood of data leakage or loss of a technological competitive advantage. Additionally, internal IT departments may not want to have a community organization or third-party provider administer the cloud. The loss of control can be a roadblock. The benefits of reduced operating costs, efficient management, lessened risk, and strong security and compliance as outlined above far outweigh these risks.


What are the Next Steps?

If community cloud appeals to your organization, thorough research is recommended. There may be an industry organization, association, or agency that already offers this service to its members. In this case, it is easier to review the current infrastructure to determine if it is the best fit.

On the other hand, if a community cloud needs to be built, create a strong community that will help share the costs of the infrastructure as well as ensure that each company’s needs are fully met. The community group must appoint a leader and establish clear requirements on what is required from each community member. Standards must be agreed upon upfront. An underlying organization is needed to administer the cloud — whether it is a government agency, industry association, educational institution group, holding company, or a third-party consulting firm. It needs to be a trusted organization that will fairly represent all community members. Clear communication through the planning and implementation stages is critical for success.

Community cloud popularity is on the rise among these regulated industries. Community cloud is a viable option when a group of companies that share the same risk profile, are part of a single legal entity, industry, or have interest in an identical funding source, can have a private cloud in a multi-tenant environment. These specialized, vertical cloud implementations give these companies the freedom to implement cloud and realize benefits from this infrastructure.