Software as a Service (SaaS) is at the top of the cloud computing stack. Here the cloud providers have created full applications running on server farms that may themselves be geographically distributed. Although Salesforce.com has long been held up as the premier SaaS provider, Facebook, Flickr, eBay, Yahoo Stores, Amazon Marketplace, the backup-storage provider Carbonite, and even the financial assistant Mint.com offer SaaS as well.

Cloud computing does not require making your data available on the public Internet. If your data is too sensitive or valuable for that—and if you’ve got a lot of money and trained staff—your organization might be a good candidate for what NIST calls the private cloud deployment model, in which an organization operates a cloud strictly for its own use. A private cloud lets an organization benefit from the flexibility of cloud technology so that it can use its equipment more efficiently, but without the risk that other users of the cloud could snoop on its data.

The community cloud, yet another model, is a private cloud that’s shared by several organizations and typically supports a specific requirement. For example, a group of health-care organizations might create a community cloud to hold patient medical and billing records.

A public cloud is a system that’s owned by the cloud provider and made available to the general public. Facebook and Google fall into this category.

Last is NIST’s hybrid cloud model, in which multiple cloud systems are connected in a way that allows programs and data to be moved easily from one deployment system to another. For example, a company might develop its system on Amazon’s IaaS but then run one version on Amazon for public data and a second on a private cloud for its sensitive information.