By now, you’ve no doubt heard about public and private clouds.  Are the differences between them the same as those between a public (Pebble Beach) or private (Augusta National) golf course? They’re both pretty nice. Between a public (Berkeley) or private (Stanford) education?  They’re both pretty good.

For most business executives, the public vs. private cloud distinction has become shorthand for secure (private) vs. insecure (public).  But that’s not a terribly useful way to look at it.  After all, the folks at Rackspace, Microsoft, and Amazon, etc. al. – – all public cloud providers – – are not in the business of building insecure compute and storage cloud services. 

So instead of thinking in terms of  public vs. private, I think a more useful discussion would center on compute and storage cloud services specialized by any combination of these four characteristics: location, performance, security, and business model.  Our current client-server world contains thousands of permutations; why wouldn’t this be case in the evolution of cloud computing?

Four Specializations
Let’s begin with performance. The Dell, Oracle, HP, IBM, NetApp, and EMC catalogs have hundreds of models of computers and storage, all with different capabilities in terms of how much information they can store, how they store it, processing speeds, network properties, etc.- – technical stuff that’s critical depending on what kind of compute and storage your business needs. If you’re a pharmaceutical company running complex algorithms to sort through genetic code, you’re going to need a different performance profile than if you’re a liquor distributor keeping track of shipping routes. One business’ requirements will be very different from another’s, and that’s why performance is an important differentiator.

For geopolitical reasons, cloud services will be specialized by location. In a post-Wikileaks, post-Patriot Act, regulation-heavy world, it’s clear that each of the G20 countries will need to have its own compute and storage cloud services. And even if all our political issues could be resolved tomorrow, and we could become one, big, happy, collaborative family, network bandwidth is neither ubiquitous nor universally inexpensive, so for the foreseeable future it will make sense to locate your compute and storage near the source of demand, whether that’s your headquarters in New York City or your plant in Barcelona, Spain.

The next specialization is by security. Although public clouds are not trying to deliver insecure service (if they did, they wouldn’t have customers), you may have unique needs. Perhaps you’re handling patient data and need to comply with Health Information Portability and Accountability Act (HIPAA) regulations. Perhaps you’re processing credit card transactions and need to be Payment Card Industry (PCI) data security compliant. CFOs need to identify what their organization’s security requirements are and ask the right questions of their cloud provider. How is the data environment hardened? Are the firewalls and patches up to date? How is identity and access management implemented? What’s the audit trail retention policy? How frequently is security testing done? Some compute and storage cloud services will fit your needs; others will not.

Finally, there will be specialization by business model. Amazon pioneered three models: on demand, reserved, and spot pricing, but it’s clear we’re not at the end of creating new business models. New compute and storage cloud providers may provide vanilla services from a performance point of view but at the same time may enable a business model that’s compelling and unique to a particular market.

Specialized Services Today
There are already examples of specialized compute and storage cloud services.

Bell Canada, for instance, utilizing components from VMware and EMC, is specialized by location. If, for whatever reason, you want your compute and storage cloud service to be located in Canada, you won’t be able to get that from Amazon, Rackspace, or Microsoft Azure.  Another example: The New York Stock Exchange recently announced a specialized compute and storage cloud service, priced on a monthly basis. Born of its experience with trading systems, its performance characteristics are unique to the financial services industry. It won’t, for example, have any metered input-output charges because high performance access to vast volumes of data is key to applications in the capital markets.

We’re still in the early days of compute and storage cloud services. Maybe we’ll see a major European bank use components from CA Technologies or Rackspace to deliver compute and storage cloud services for all Europe (i.e., location). Maybe we’ll see a semiconductor company create a 10,000 server, specialized cloud service optimized for the unique performance requirements of semiconductor simulation (i.e., performance). And maybe they’ll also provide common data that anyone who does simulation can use (i.e., business model).

CFOs sitting on cash or data center assets might think about whether it makes sense for your organization to build a specialized compute and storage cloud service not only for internal use (a private cloud) but one you could sell to others in your industry (going public, as it were).  Or start the process of determining if the cloud services you’re considering meet your unique performance, location, security, and business model needs.

The computing world is beginning another major shift similar to the change from mainframe to client/server computing and we need to have a more sophisticated conversation than that afforded by public vs. private.

Timothy Chou teaches cloud computing at Stanford University. He is the former president of Oracle On Demand and the author of Cloud: Seven Clear Business Models.