OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with the cloud computing. The three taxonomies that have become part of our vernacular are: 1. Infrastructure as a Service (IaaS): Set of virtualized components that can be assembled to build a application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" services. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and using their REST or Web service-based API (or command line if you're too cool) to provision, de-provision and monitor your instance.
2. Platform as a Service (PaaS): A runtime environment for application developer to deploy their applications in their desired programming environments with production issues such as scalability, security and reliability already addressed by the Platform. Google App Engine, the support Java and Python is a good example of PaaS. Using PaaS developers can code applications locally on developer machines and push them to the cloud. The developed applications can automatically scale to millions of invocations and thousands of users. The developers do not have to concern themselves with managing threading, concurrency and load balancing issues for such almost unbound scalability.

The link for this article located at AjaxWorld is no longer available.