What is cloud computing

Cloud computing is structured into three service models with different levels of abstraction. IaaS (Infrastructure as a Service) provides virtual machines, networks and storage: you manage the operating system and applications. PaaS (Platform as a Service) adds the runtime and development tools: you only manage your code. SaaS (Software as a Service) is the complete application ready to use.

AWS EC2 is pure IaaS. Heroku, Google App Engine and Railway are PaaS. Gmail, Slack and Salesforce are SaaS. Each model implies a trade-off between control and responsibility: more abstraction means less control but less operational burden.

Public cloud (AWS, Azure, GCP) shares infrastructure among multiple clients with logical isolation. It is the most affordable and scalable option, suitable for most workloads. Private cloud dedicates exclusive infrastructure to one organisation, offering greater control and regulatory compliance.

Hybrid cloud combines both models: sensitive data on private infrastructure and scalable workloads on public cloud. Multi-cloud (using multiple providers simultaneously) reduces vendor lock-in but adds operational complexity. Most mid-sized companies operate on public cloud; regulated sectors (banking, healthcare) tend to opt for hybrid.

The most immediate benefit is the elimination of capex (upfront hardware investment). Cloud converts infrastructure spending from capital to operational expenditure (opex), with monthly payment for actual usage. This enables startups to launch products without server investment and established companies to scale without purchasing additional hardware.

Automatic scaling adjusts resources based on demand: more capacity during traffic peaks, less during quiet hours. Global availability allows deploying applications across multiple world regions, reducing latency and complying with data residency regulations.

Cloud security follows a shared responsibility model. The provider secures the physical infrastructure (data centres, networks, hardware). The client secures what runs on that infrastructure: access configuration, data encryption, credential management and compliance.

Major providers (AWS, GCP, Azure) hold certifications such as SOC 2, ISO 27001, GDPR and HIPAA. But a client misconfiguration (a public S3 bucket, credentials in code, excessive permissions) can expose sensitive data. Cloud security is only as strong as the weakest link in the chain.

The pay-as-you-go model can generate surprises if not monitored. Primary costs come from compute (virtual machines, functions), storage, data transfer (egress) and managed services (databases, queues, cache). Egress traffic is where many companies find unexpected costs.

Best practices include: setting budget alerts, using reserved instances or savings plans for predictable workloads, shutting down unused resources (development environments overnight) and reviewing sizing monthly. Tools like AWS Cost Explorer, GCP Billing and Azure Cost Management help control spending.

The simplest path to get started is using PaaS or SaaS services that abstract infrastructure complexity. Deploy a web application on Vercel or Railway before managing servers on AWS EC2. Use a managed database (Supabase, PlanetScale, Neon) before administering a PostgreSQL instance on a VM.

When scale justifies it, migrate to IaaS services with greater control and lower unit cost. The key is to start simple, measure costs and performance, and add complexity only when the benefits justify it.