What Is Community Cloud? Definition, Architecture, Examples, and Best Practices
A community cloud is defined as a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements. This article introduces you to community cloud, its examples and components, and shares some best practices for 2021.
Table of Contents
What Is Community Cloud?
A community cloud is a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements. The concept of a community cloud is akin to a community garden, where different individuals grow produce on a single piece of shared land. Community clouds are a recent phenomenon compared to other cloud models such as public, private, and hybrid clouds.
The COVID-19 pandemic has pushed the world to embrace a remote work setup across industry verticals. It has left sectors such as education and healthcare scrambling to move completely online, which they were not ready for. This accelerated cloud adoption, with Gartner predicting that worldwide public cloud adoption will increase by 18% in 2021.
High costs mean that a private cloud is, more often than not, out of reach for many small organizations, while industry regulations make public cloud unfeasible for many others. This is where community cloud comes into the picture. This system is a modified form of private cloud, where the needs of different organizations and verticals are weighed during architecture ideation. A community cloud system is owned, managed, and operated by members of the community, third-party vendors, or both.
Community Cloud Architecture
Members of a community cloud are organizations that have common business requirements. These requirements are usually driven by the need for shared data, shared services, or shared industry regulations. This means they’re typically organizations in the same industry or departments of the same organizational body. In other words, a community cloud is an integrated setup that combines the features and benefits of multiple clouds to address the needs of a specific industry.
To set up a community cloud, organizations can choose to host their own data centers and split the cost and responsibilities. This may be on-premise in the existing infrastructure of a member or even at peer facilities. Alternatively, they can also consider hybrid cloud providers.
Community clouds are more expensive than public clouds but also more secure. Each member of the cloud is allocated a fixed amount of data storage and bandwidth, making scalability somewhat more difficult than with private and public clouds. Public clouds are perfect for fledgling companies, while private clouds are a good fit for large enterprises. Community clouds are a great solution for growing organizations in the health, financial, legal, and educational sectors. This is because these industries are the most bound by various regulations.
The implementation of a community cloud is more complicated than other types of clouds. This is because of the number of players involved. Decisions are no longer standalone, and, as a result, a handbook needs to be established at the outset, which must cover:
- Mission statements
- Ownership of services and resources
- An economic model of shared cloud and services
- Resource allocation and maintenance
- Industry regulations binding each organization
Despite the startup costs and inevitable teething problems, as per industry estimates, the community cloud market is estimated to reach $12.8 billion by 2027 from $2.6 billion in 2020. This is because the benefits of a community cloud currently outweigh the challenges.
Benefits of a community cloud
- Cost-effectiveness: As mentioned earlier, the cost-effectiveness of setting up a community cloud vs. a private cloud is a compelling reason for organizations such as educational institutions to consider this shift. A community cloud allows users to connect to the same environment, with their sessions segmented logically. This removes the need to have separate servers to fulfill the same requirements across organizations.
- Regulatory compliance: Privacy-related regulatory laws are new and constantly evolving. They vary at a global, national, and regional level. For example, California has already implemented the Consumer Privacy Act (CCPA), while other states simply follow suit. By banding together under the community cloud umbrella, the common interpretation and implementation of these laws can be ensured. This drastically reduces vulnerability to legal action.
- Industry-based security requirements: Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare and Payment Card Industry Data Security Standard (PCI DSS) for the payment industry require companies to store and transfer data in specific ways. The expertise and technology to implement these security requirements cannot be avoided. This is where community cloud members help each other by sharing expertise.
- High availability: The lure of cloud solutions lies in the fact that most come with high availability, meaning downtime is low or nonexistent. This holds true for community clouds as well.
- More control: Many enterprises opt for private clouds over public ones because of the need for transparency and control. While public clouds make setup, scalability, and maintenance much easier than on-premise solutions, they come at the cost of control. Community clouds provide organizations with the best of both cloud models.
Also Read: What Is Cloud Computing? Definition, Benefits, Types and Trends
Examples of Community Cloud
Community cloud for government sector
It is common to come across ‘cloud for government’ or ‘government cloud’ among the offerings of most cloud vendors. These are community clouds that are specifically meant for government bodies. Government processes and services require constant communication and data transactions between multiple departments. They all operate on similar infrastructure, with resources and services shared across them.
Government bodies are also subject to various privacy, legal, and security concerns, which means that public clouds cannot be used. This makes them the perfect use case for a community cloud. A recent example is the U.S. Defense Department calling for bids for its cloud computing contract. The aim is to deploy vital cloud services for the military, and the Pentagon is looking at bids from Microsoft, Oracle, Amazon, IBM, and Google.
Microsoft’s ‘Azure Government Top Secret’ tailors private cloud for highly sensitive and classified data, just like the other bidders. Google recently announced the development of security and app management tools for the Defense Innovation Unit, Pentagon. It aims to eliminate the challenges that the defense department faces and run a multi-cloud environment in a community cloud deployment model. IBM’s SoftLayer cloud for federal agencies works with local partners to define, deploy, and run industry-specific community clouds.
Community cloud for the healthcare sector
The healthcare industry in the U.S. is regulated by the HIPAA of 1996. This calls for secure storage and transfer of sensitive patient information. Patient records are often shared between hospitals and laboratories. A community cloud adhering to HIPAA would enable them to do this seamlessly. It is also suitable for pharmaceutical companies that share information globally. Given the ongoing collaborative medical research on the COVID-19 pandemic on a global scale, community cloud adoption is a no-brainer.
Besides regulatory compliance of daily transactions, the healthcare industry is also moving into the artificial intelligence (AI) space, processing huge volumes of sensitive data for predicting new trends in disease management and personalized patient care and determining the risk factors of various diseases. A community cloud would enable storage and accessibility of data from multiple sources while adhering to HIPAA.
Community cloud for the education sector
COVID-19 has thrown the education sector into uncharted waters, essentially making face-to-face education close to impossible. The fast-spreading virus effectively moved all forms of learning online. This meant that universities and schools had to technologically catch up with other industries. A barrage of new services was required to connect administrators, teachers, students, and parents. This came with costs, licensing management, and hardware & software procurement and maintenance. Since not every university can afford this, community cloud is a solution that’s being explored across various countries.
A recent study showed that 56.5% of universities in Turkey ran some type of cloud, with 11.8% of them running a community cloud architecture. These community clouds are being used by instructors, students, researchers, IT staff, and administrators of member universities. The aim is for scholars and students to share academic content, making joint research easier. A community cloud also ensures that backup processes and disaster recovery plans are in place.
Besides these three examples, community clouds are also used by companies trying to enable remote employees to securely connect to their core systems from any device over any network. Organizations also use them to test a new piece of innovation governed by regulations before putting it on a public cloud. Community clouds are sometimes used as a stepping stone before committing to a private cloud infrastructure.
Key Components of Community Cloud Architecture
A community cloud is a distributed architecture—each unit comprises services from similar or different clouds under the same domain. Typically, all community clouds consist of the following components:
Components of Community Cloud Architecture
1. Shared policies and protocols
A community cloud is a long-term commitment with other organizations to build, operate, and maintain the system. All members need to come together to create:
- Governance policies: Well-designed community clouds are always shaped by the governance model decided by the members. The process of creating governance policies allows for fewer requirements to be overlooked by the many players involved.
- Security protocols: For the cloud to be compliant, regulations must be analyzed, interpreted, and adhered to. This is most often in the form of security protocols. For example, HIPAA requires email encryption as a matter of compliance.
- Access policies: Just like community gardens either provide patches of land to each person or allow a single piece of land to be shared across many gardeners, member organizations must have access policies tailored to their requirements and SLAs in a community cloud. These are usually handled by identity and access management (IAM) solutions.
- Allocation policies: Many questions need to be addressed while setting up a community cloud. Who is the owner of the cloud? How are resources going to be allocated? Who is going to maintain this common entity? If a member suddenly needs to withdraw due to changing requirements or monetary concerns, how is the uninterrupted continuity of the cloud ensured? Who gets what percentage of data and bandwidth? All these need to be determined before the actual implementation starts.
SLAs between members and the cloud provider specifically laying out the terms of cost and maintenance are a very important first step before even implementing a community cloud.
2. Cloud
An important component of a community cloud is the cloud itself. A community cloud is usually built from scratch on top of a private cloud. There are also off-the-shelf community cloud options packaged with the regulatory specifics of particular industries. One such example is the ‘government cloud’ that we saw in the examples above. The pandemic has accelerated the availability of more ready-to-use, industry-friendly clouds.
3. Cloud management system
Like every other cloud, a single pane management system is crucial for ease of operations and an up-to-date overview of systems at any point in time. A community cloud requires more specific controls for resource allocation, security protocols, and app & data management. If not a single management platform, at least application programming interface (API) standards must be agreed upon.
4. Identity and access management system
Multiple users from different organizations handle the applications, services, and data in a community cloud. This makes IAM a crucial part of community cloud architecture. An audit trail is required for compliance and for any incident response activity that takes place.
5. Data governance tool
This is an important component for community clouds that focus on data as a service (DaaS). Data governance tools track the creation, updating, and deletion of data based on premeditated data policies. This becomes especially important in a scenario where users from different organizations are involved, and data sharing is the main mission of community cloud.
6. Shared application services
This is another vital component for community clouds that focus on accessing common applications and services. These are usually clouds that different departments of the same organization use.
All these components come prepackaged by the cloud vendor. Resource allocation is one of the key steps in building a community cloud, and, as such, the specifics of storage and bandwidth must be carefully considered while implementing one.
Also Read: What Is Data Governance? Definition, Importance, and Best Practices
Top 8 Best Practices for Implementing a Community Cloud in 2021
With community cloud adoption picking up pace, it is easy to get swept up in the wave. Here are the top eight best practices to be considered in 2021 before, during, and after implementing a community cloud.
Community Cloud Implementation Best Practices
1. Evaluate and narrow down on the cloud management system
In any scenario, the more the number of people involved, the more essential a central management system becomes. This is no less true for a community cloud. A comprehensive and robust management system must be the highest priority when looking for third-party community cloud vendors.
If built from scratch, member organizations must decide on a management model, the least of which can just be web services that serve up current information. The cloud management system must be, at any point in time, able to inform administrators about storage used, bandwidth used, and user audit trails, and also be flexible enough for any of the core parameters to be changed as decided by the members.
2. Document the terms of shared ownership
The first step toward considering a community cloud must be deciding which organizations are part of it and how much responsibility and ownership can be attributed to each of them. Every single term of ownership must be discussed, agreed upon, and written down as part of the SLAs.
Some examples that need to be covered include answers to questions such as which organizations take charge of overall management. In case of disagreements, who is the final deciding party? It must also include what percentage of storage and bandwidth is allotted to each member.
3. Determine procurement and cost management
Once the members of a community cloud have been finalized and the basic terms of ownership have been agreed upon, tricky expense-based scenarios must be addressed. Sudden expense increase due to the cost of a member pulling out is one such scenario.
Other cost-based decisions need to be made, such as who provides basic funding or hires the cloud integrator. Terms of fund transfers must also be noted. Furthermore, a mode of metering granular resources such as processor usage, storage, and memory needs to be established.
4. Address security requirements and patch management
All community clouds aim to meet the security standards set by the industry’s regulations. But besides this, members need to make sure that the cloud meets their own security standards and maintains their security posture.
Security monitoring and patch management can either be outsourced to a third party or taken up by member organizations themselves. Communication between cloud security and organizational security must be maintained. The cloud’s information security officer needs to keep all members informed of threat analysis and mitigation activities.
5. Decide on a data segmentation plan
Segmentation of data depends on the industry regulations that the cloud is trying to address. For instance, when high-level government security is involved, the cloud is usually composed of physically separated resources deployed in a segmented compartment within the provider’s data centers. Others may just connect to the same environment and have sessions logically segmented.
6. Ensure change management
A robust logging and reporting system is the key to making community cloud work for all its members. Every change in data, application, or service must be logged and made available for audit to each member. Protocols should be implemented to define how creation, modifications, and deletions are made at all levels. These governance policies must be updated every time new assets or members are added to the system.
7. Factor in scalability and migration
One of the biggest drawbacks of a community cloud is the assignment of fixed capabilities to each member. Negotiation of these terms must allow room for growth. A community cloud should also support migration to an individual private or public cloud if it comes to that.
8. Plan backup and disaster recovery
Every cloud vendor provides backup and recovery capabilities for its customers. When individual organizations are cloud customers, they get to decide the recovery time objective (RTO) and recovery point objective (RPO). The RTO is the amount of time a business can afford for its systems to be down. The RPO signifies how far back the systems need to be backed up so that business continues uninterrupted.
Landing on these values when multiple organizations are involved is much more complex than when a single entity is involved. Once again, these parameters need to be discussed and added to the playbook before a community cloud goes live.
Also Read: What Is Disaster Recovery? Definition, Cloud and On-premise, Benefits and Best Practices
Takeaway
Building a community cloud involves more focus on business processes and cooperation than technical considerations. After all, a community cloud is just a modified private cloud. A community cloud can be a powerful tool for businesses with the same objectives and requirements. It can even serve as a background for industry-based innovations. When deciding on infrastructure migration to the cloud, private and public clouds are not the only options; community clouds can also fit the bill.
Did this article help you understand the basics of community cloud? Tell us on LinkedIn, Twitter, or Facebook. We would love to hear from you!
