There are of course public clouds, private clouds, and hybrid clouds. There has also been talk of possible 'regulated' clouds for regulated information. The anticipated promise of regulated clouds is that customers would get the benefits of a public cloud (e.g., greater cost efficiencies, massive scalability, elasticity, pay-as-you-go) that would also have improved security to be able to satisfactorily handle regulated information - and keep regulatory bodies appeased.
Until now, such regulated clouds have merely been vaporware. No longer. The first effectively regulated cloud is now open for production. The Defense Information Systems Agency (DISA - part of the U.S. Department of Defense, DoD) has now opened its "private" cloud (i.e., Rapid Access Computing Environment., RACE) to production applications. (RACE had been in testing for over a year.)
Of course, we're talking about data that would normally be found in/on a public cloud - that is, non-sensitive, non-regulated, non-classified information. Starting in CYQ1 of 2010 however, RACE will connect to DoD's classified network (Secure Internet Protocol Router Network, SIPRNet). This is significant because public cloud provider's (e.g., Amazon's Web Services) will be looking at pricing that DISA has announced for RACE (currently productions 'servers' - that is, virtual images - cost $1,200 per month, which includes provisioning, 24/7 support, access to the military non-secure IP network and SLAs) to see if it will be cost effective to offer 'regulated' clouds to the private sector.
DISA's RACE could portend regulated clouds for GLBA, HIPAA, PCI-DSS, and other regulatory frameworks. Whether the economics of regulated clouds makes them widely available, RACE is another example of the maturation of cloud computing - as well as a concrete step by the U.S Government to change how Federal IT is procured and operated.