How I understood it is with recent example I had at work which is:
creating web application for contacts in 2 offices that are in the same country but far from each other.
You can deploy this web based app on 2 sites separably on their LAN, and you assume that you get extra security cause its host on the site and on premises, and not internet exposed, but imagine the hidden cost of managing 2 server rooms or 2 rugged machines that you need to check and manage, instead what you can do is make each site a static external public IP and pay for that extra option, and host the web app on the cloud. And in the firewall of the hosted web app create rules to only allow Office 1 public IP + office 2 public IP. And this way you get the best of everything. Someone else managing your server room + same security you would get as if its LAN hosted, and no need to develop application twice.
And yes currently I manage the same web app twice, and perhaps an intranet site as well will be twice created, cause my managers love adding more work instead of working smart, and the french people are messed up in the head, they think they know everything better and they dont take advice from no one.