The Three Levels of Cloud Security

Public Cloud Services:
These cloud services may be secure, but enterprises typically have no control over infrastructure or auditing authority. Essentially, the cloud provider makes IT resources — applications and storage, for example — available for use across the Internet. All underlying infrastructure is owned and managed by the provider. Because billing for such services is usually metered, the user organization pays only for what it uses.
Private Cloud:
This approach provides the most control and the greatest ability to secure and audit the infrastructure, applications and data. The organization builds its own pool of IT services, usually highly virtualized, and makes them available for use only within its own organization. All hardware, software and infrastructure is owned or controlled by the organization, but this often includes third-party management and hosting. The IT department charges the various business units only for the IT services they consume.
Hybrid Cloud:
This scheme essentially combines the other two approaches. Regulated and proprietary data is held within the " " areas of the cloud. Meanwhile, other types of less-critical data are shifted to public cloud services. The security advantage is added flexibility: Highly confidential data can be kept "" while less confidential data can be shifted to pay-as-you-go public clouds.
SOURCE: Smart Enterprise