NIST SP 800-145 defines four deployment models for cloud computing. Three of them cover almost every real-world choice: public, private, and hybrid. The right answer is rarely all-of-one. It is workload by workload.
What Each Model Is
Public cloud. Shared infrastructure, multi-tenant by design, operated by a provider and consumed over the public internet or private interconnects. You pay for what you use. You do not own the hardware, the floor, or the power contract.
Private cloud. Dedicated to a single organization. Same five NIST characteristics: self-service, broad network access, resource pooling, elasticity, measured service. The pool serves one tenant. The hardware sits in your data center or in a colocation facility, operated by your team or a managed provider.
Hybrid cloud. Two or more distinct clouds (typically a private and a public) bound together for data, identity, and workload movement. Hybrid is an operating model, not a product. IEEE-published work on intelligent workload factoring for hybrid clouds framed the case clearly: keep predictable baseline load on owned capacity, send burst and variable load to public capacity.
When each fits
Public cloud fits when:
- Demand is spiky or unpredictable. You want to pay for the peak only when it happens.
- You need a service the provider already offers as a managed product (object storage, managed Postgres, a CDN) and building it yourself is not the point.
- Time to market matters more than three-year unit economics.
- The workload has no specific data residency, sovereignty, or hardware constraint.
Private cloud fits when:
- Baseline utilization is high and steady. Owned or dedicated capacity is cheaper than per-hour rental at this duty cycle.
- Data residency, regulatory, or sovereignty rules narrow your options (healthcare, finance, public sector, defense).
- You have hardware requirements public clouds do not expose: specific GPUs at specific ratios, deterministic networking, or local storage with known latency.
- Egress costs on a public cloud would dominate your bill.
Hybrid fits when:
- You have a predictable baseline plus unpredictable bursts. Run the baseline on private, burst into public.
- You need disaster recovery in a second failure domain outside the primary provider.
- Some data must stay in a controlled environment, while the compute talking to it scales elsewhere.
- You want to offload egress-heavy traffic (media delivery, backups, log shipping) onto cheaper or zero-egress infrastructure while keeping control plane workloads where they are.
What this means for ZCP
ZCP is built around these three patterns rather than against them.
The public cloud side runs in two regions today, YUL-1 in Montreal and YOW-1 in Ottawa, with YVR, BUF, LAX, LHR, and AMS planned. VMs start at $12/month, object storage is $0.024/GB/month, and egress is $0. This fits workloads with expensive hyperscaler transfer.
For organizations needing dedicated capacity, ZCP also delivers private cloud build-outs. The starter tier is $4,500 setup plus $1,200/month managed, with the environment operated end-to-end by ZSoftly engineers. You get the same self-service portal and metering as the public side, dedicated to one tenant.
And ZCP is built to coexist with AWS, Azure, and GCP, not to replace them. The common hybrid patterns we see are egress offload, sovereign workloads kept off US-owned providers, DR into an independent failure domain, and predictable baseline capacity beside elastic hyperscaler bursts. Pick the model fitting the workload. Combine where it makes sense.