While public cloud services can allow companies to greatly reduce the costs of building and running their own hardware infrastructure and allow them to flexibly scale resource use as needed (adopting a "pay on demand" usage model), many companies require setting up a private cloud environment to protect and control their own sensitive data – allowing sensitive data to be controlled by third parties can present many risks. In addition, it can often be unclear where data or applications running on a public cloud are actually physically located, which can be problematic for adhering to data protection regulations such as the GDPR (General Data Protection Regulations) applying to EU member states.
A hybrid cloud can present the best of both environments – companies can keep their core data or sensitive applications on premises, but when temporary resource use or demand exceeds their on-premises infrastructure capabilities, their users can utilize public cloud resources. This temporary scale up is called "cloud bursting". Public clouds can also be flexibly used for basic and non-sensitive computing tasks or data storage, while business-critical applications and data can stay safely behind a company firewall on the private cloud.