Friday, July 22, 2011

Top 5 Cloud Computing Providers

Here is a list of the Top 5 Cloud Computing providers. The key parameters used for comparing these cloud platforms include when the platforms were introduced, support for various operating systems/languages, current adoption levels of the platforms and the overall potential of the platform. A good understanding of the key cloud computing platforms is critical to understand the current state of cloud computing and the overall direction of the industry. This in turn is very useful while making a choice for an appropriate cloud computing platform. Please read the following article Comparing SaaS, PaaS and IaaS to understand some of the terminology used in this article.

Amazon
Clearly the market leader in Cloud Computing and primarily an IaaS vendor. EC2 and S3 are the two most popular services available as part of Amazon Web Services. They also have the widest variety of services available as part of their cloud platform.
There are indications that Amazon may have a total of 1.8 million deployed instances and is showing 10% overall growth in deployments
Indications are they had a total revenue of 220 million USD from their Cloud business
There are around 100,000 customers using Amazon Web Services



Rackspace

Rackspace, which has long been one of the largest players in the managed hosting market, quickly transformed itself into a highly successful Cloud Computing provider, primarily as an IaaS provider. They have two key services, Cloud Servers and Cloud Files, which are the equivalent of EC2 and S3 from Amazon.
Indicating 100% growth in Cloud Revenues from 2008 to 2009
Added around 40,000 new customers in the last 4 quarters
Cloud Revenue has been 56 million USD in 2009

Salesforce.com
Salesforce.com was one of the earliest Cloud Computing companies to be set up with a specific focus on CRM and functioned as a SaaS company. Salesforce.com first started in 1999 and has grown significantly from its initial launch with a continuous focus on CRM. Force.com was launched in 2007 as a custom application development platform as an entry into the PaaS market but has not been able to garner a significant market due to its proprietary platform. Given the specific nature of the platform, Amazon and Rackspace have been ranked higher in this list even though Salesforce has a higher revenue.
Total of 55,000 corporate customers and 1.5 million individual subscribers.
Total revenue of .3 billion for 2009

Google

Google made a late entry into the Cloud Computing business with two services, Google Apps which primarily targets the SaaS space and the Google App Engine which provides a PaaS model for businesses and individuals to deploy their Web Apps. They have quickly made a mark with both the platforms and have made significant growth in the overall cloud computing market.
Google Apps has 1 million customers and an approximate revenue of million
Google App Engine does not have any numbers publicly available, since the paid version launched a year back they may need some more time before we get a sense of the adoption.

Microsoft

Microsoft was the last major player to enter into the market and as expected launched a platform Azure based on their Windows/Azure stack. While they have continued to claim that Azure is not tied to .NET, the expectation is the platform will see most adoption from Microsoft shops with a focus on .NET and Windows based technologies and platforms.
Indications are that around 10,000 customers have moved to Azure
Since the launch was less than 6 months back, it's a little early to track adoption.
We rank it high due to the high potential of the platform and tight integration with Microsoft based development platforms.

Conclusion
Amazon and Rackspace continue to be the key players in Cloud Computing with a key focus on IaaS as the core service they offer. Given the core expertise of these companies it is unlikely that they will venture into other aspects of the Cloud and they are unlikely to offer SaaS or PaaS services anytime soon. It is highly likely that all growth in the IaaS segment of Cloud Computing will be distributed between these two companies. Microsoft and Google are likely to be key players in the PaaS space clearly segmented between .NET and Java applications. Salesforce on the other hand is likely to remain a player focused purely on the CRM market and primarily as a SaaS provider.

Thursday, July 14, 2011

Top 7 threats to cloud computing

1 Abuse and nefarious use of cloud computing (IaaS, PaaS) -
The ease of registering for IaaS solutions and the relative anonymity they offer attract many a cyber criminal. IaaS offerings have been known to host botnets and/or their command and control centers, downloads for exploits, Trojans, etc. There is a myriad of ways in which in-the-cloud capabilities can be misused - possible future uses include launching dynamic attack points, CAPTCHA solving farms, password and key cracking and more.
Remediation - 
-Stricter initial registration and validation processes.
-Enhanced credit card fraud monitoring and coordination.
-Comprehensive introspection of customer network traffic.
- Monitoring public blacklists for one’s own network blocks
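
The last remediation item, monitoring public blacklists for one's own network blocks, can be automated as in the following added example (not part of the original post). The feed format, the function names and the documentation-range prefixes are assumptions made up for the illustration.

```python
import ipaddress

# Constructed sample data: documentation-range prefixes stand in for real ones.
OWN_BLOCKS = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8:10::/48"]
BLOCKLIST_FEED = """\
# constructed feed: one IP or CIDR per line, optional ';' comment
192.0.2.15 ; botnet C&C
198.51.100.77 ; malware download
203.0.113.200 ; outside our /25
203.0.112.0/23 ; listed supernet covering our /25
2001:db8:10:4::/64 ; exploit hosting
not-an-address
"""

def parse_feed(text):
    """Yield (network, note) for each valid entry; skip comments and junk."""
    for raw in text.splitlines():
        entry, _, note = raw.partition(";")
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.0.0.5/24
            yield ipaddress.ip_network(entry, strict=False), note.strip()
        except ValueError:
            continue  # malformed line: ignore rather than abort the run

def listed_in_own_space(own_blocks, feed_text):
    """Return sorted (own_block, listed_entry, note) for every overlap."""
    own = [ipaddress.ip_network(b) for b in own_blocks]
    hits = []
    for net, note in parse_feed(feed_text):
        for block in own:
            # Only compare entries of the same IP version; overlaps() also
            # catches a listed supernet that contains one of our blocks.
            if net.version == block.version and net.overlaps(block):
                hits.append((str(block), str(net), note))
    return sorted(hits)

if __name__ == "__main__":
    for block, entry, note in listed_in_own_space(OWN_BLOCKS, BLOCKLIST_FEED):
        print(f"{entry} listed ({note}) inside {block}")
```
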

2 Insecure interfaces and APIs (IaaS, PaaS, SaaS) -
As software interfaces or APIs are what customers use to interact with cloud services, those must have extremely secure authentication, access control, encryption and activity monitoring mechanisms - especially when third parties start to build on them.
Remediation-
-Analyze the security model of cloud provider interfaces.
- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.
- Understand the dependency chain associated with the API

3 Malicious insiders (IaaS, PaaS, SaaS) -
The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.
Remediation-
-Enforce strict supply chain management and conduct a comprehensive supplier assessment.
-Specify human resource requirements as part of legal contracts.
-Require transparency into overall information security and management practices, as well as compliance reporting.
-Determine security breach notification processes.

4 Shared technology issues (IaaS)-
Sharing infrastructure is a way of life for IaaS providers. Unfortunately, the components on which this infrastructure is based were not designed for that. To ensure that customers don't tread on each other's "territory", monitoring and strong compartmentalization are required, not to mention scanning for and patching of vulnerabilities that might jeopardize this coexistence.
Remediation -
-Implement security best practices for installation/configuration.
-Monitor environment for unauthorized changes/activity.
-Promote strong authentication and access control for administrative access and operations. Enforce service-level agreements for patching and vulnerability remediation.
-Conduct vulnerability scanning and configuration audits.

5 Data loss or leakage (IaaS, PaaS, SaaS) -
There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data. The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.
Remediation - 
-Implement strong API access control.
-Encrypt and protect integrity of data in transit.
-Analyze data protection at both design and run time. Implement strong key generation, storage and management, and destruction practices. Contractually demand providers wipe persistent media before it is released into the pool.
-Contractually specify provider backup and retention strategies.

6 Account or service hijacking (IaaS, PaaS, SaaS) -
Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.
Remediation - 
-Prohibit the sharing of account credentials between users and services. Leverage strong two-factor authentication techniques where possible.
-Employ proactive monitoring to detect unauthorized activity.
-Understand cloud provider security policies and SLAs
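
As an added example (not part of the original post), proactive monitoring for shared or hijacked credentials can start from the API access log: flag any access key that shows up from a source network it has not used before, and treat it as more serious when the previous network was active minutes earlier. The log format, the 10-minute window, the /24 grouping (IPv4 only) and all names are assumptions for the illustration.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed sample API access log: time, access-key id, source IP, action.
LOG = """\
2011-07-14T09:00:05Z key-web01 198.51.100.10 ListObjects
2011-07-14T09:02:11Z key-web01 198.51.100.23 PutObject
2011-07-14T09:03:40Z key-backup 203.0.113.5 GetObject
2011-07-14T09:04:02Z key-web01 192.0.2.99 CreateUser
2011-07-14T09:30:00Z key-backup 203.0.113.5 GetObject
2011-07-14T11:45:00Z key-backup 192.0.2.99 DeleteBucket
"""
WINDOW = timedelta(minutes=10)  # assumed threshold for "concurrent" use

def net24(ip):
    """Collapse an IPv4 address to its /24 so a NAT pool counts as one source."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def find_suspect_use(log_text, window=WINDOW):
    """Return (key, kind, ip, action) alerts, in log order.

    kind is "concurrent-source" when the key was used from a different /24
    within `window` (shared or stolen credential in active use), otherwise
    "new-source" for a /24 never seen before for that key.
    """
    last_seen = {}  # key id -> {network: time of last use from that network}
    alerts = []
    for line in log_text.splitlines():
        ts_s, key, ip, action = line.split()
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
        net = net24(ip)
        seen = last_seen.setdefault(key, {})
        if seen and net not in seen:  # first-ever use of a key is the baseline
            recent = [n for n, t in seen.items() if ts - t <= window]
            kind = "concurrent-source" if recent else "new-source"
            alerts.append((key, kind, ip, action))
        seen[net] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_use(LOG):
        print(*alert)
```
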

7 Unknown risk profile (IaaS, PaaS, SaaS) -
One of the tenets of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business strengths. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns, complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security ramifications. Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design are all important factors for estimating your company’s security posture.
Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can result in unknown exposures. It may also impair the in-depth analysis required for highly controlled or regulated operational areas.
Remediation -
-Disclosure of applicable logs and data.
-Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).
-Monitoring and alerting on necessary information