Explore commonly used Cloud Data Security terms.
Role-based access control (RBAC) is a security model that assigns permissions and privileges to users based on their roles within an organization, streamlining access management and ensuring appropriate data and system access.
Packet mirroring is a networking technique that involves duplicating and redirecting network traffic to a monitoring or analysis tool for inspection. It allows for real-time monitoring, analysis, and troubleshooting of network traffic by creating a copy of packets and forwarding them to designated monitoring devices without impacting the normal flow of network traffic.
Data localization refers to the practice of storing and processing data within specific geographic boundaries, typically mandated by legal or regulatory requirements. It aims to ensure data remains within the jurisdiction of a particular country or region, often for reasons such as data protection, privacy, or compliance with local laws.
Data lineage refers to the historical record or lineage of a data element, tracking its origins, transformations, and movements throughout its lifecycle. It provides a detailed understanding of how data flows and changes within an organization, enabling traceability, data quality analysis, and compliance with regulations.
AWS Artifact is a centralized portal provided by Amazon Web Services (AWS) that offers on-demand access to AWS compliance reports and other relevant documentation. It provides a secure and convenient way for AWS customers to access and download compliance reports, such as SOC (Service Organization Control) reports, PCI DSS (Payment Card Industry Data Security Standard) documents, and various other industry-specific certifications and attestations.
Amazon Quantum Ledger Database (QLDB) is a fully managed and transparently immutable database service by AWS. It utilizes blockchain technology to provide an auditable and tamper-proof ledger of all database transactions and changes, ensuring data integrity and enabling secure and verifiable applications.
Amazon Macie is an AWS service that uses machine learning to automatically detect, classify, and safeguard sensitive data stored in the cloud, helping organizations maintain data security and compliance. It identifies and alerts on potential data breaches, monitors data access patterns, and provides actionable insights to protect valuable information.
Amazon Elastic Block Store (EBS) is a block-level storage service for Amazon EC2 instances, offering durable and reliable virtual hard drives that can be easily attached, detached, and resized. It provides persistent storage volumes with automatic data replication within a specific Availability Zone, ensuring data durability and flexibility for EC2 instances.
Amazon CloudWatch is a monitoring and observability service provided by Amazon Web Services (AWS). It allows users to collect and track metrics, collect and monitor log files, set alarms, and visualize and analyze data from various AWS resources and applications. CloudWatch provides a centralized platform for monitoring the health, performance, and availability of AWS resources and applications, enabling users to gain insights, troubleshoot issues, and optimize the performance of their AWS infrastructure.
Data science encompasses the interdisciplinary field that uses scientific methods, processes, algorithms, and systems to extract knowledge and insights from structured and unstructured data. It combines elements of statistics, mathematics, programming, and domain expertise to collect, analyze, and interpret data, ultimately providing actionable insights and solutions for business or scientific purposes.
Data mining refers to the process of extracting valuable insights, patterns, and knowledge from large datasets. It involves the application of various statistical and machine learning techniques to uncover hidden patterns, correlations, and trends within the data, enabling organizations to make informed decisions and predictions.
Data integrity refers to the accuracy, consistency, and reliability of data throughout its lifecycle, ensuring that information remains complete, unaltered, and valid. It involves maintaining the integrity of data from creation to storage and retrieval, safeguarding against unauthorized modifications, corruption, or loss.
PCI is a security standard created by major credit card firms (Visa, MasterCard, American Express) to safeguard cardholder data.
A data warehouse is a centralized repository that stores structured, organized, and processed data from various sources. It is designed for efficient querying and analysis, providing a foundation for business intelligence and reporting.
A data lake represents a modern method for data storage and management, which is distinct from conventional systems.
Azure NetApp Files is a fully-managed Azure service that provides high-performance, enterprise-grade file storage capabilities, allowing users to easily deploy and manage shared file systems in the Azure cloud environment.
Binary Authorization is a security feature in Google Cloud Platform that enforces policies to ensure only authorized and digitally signed container images are deployed, enhancing the overall security of containerized workloads.
Chronicle Security Operations is a platform provided by Google Cloud that offers advanced threat detection, investigation, and remediation capabilities, empowering organizations to enhance their security posture and effectively respond to cyber threats.
A Continuity of Operations Plan (COOP) ensures organizations can continue critical functions during and after disruptions or disasters.
GCP Access Transparency provides logs of data access by Google teams, while GCP Access Approval manages access requests to GCP resources.
Google Advanced Protection Program is a security initiative that provides enhanced safeguards for Google accounts, including stronger authentication methods, proactive phishing and malware protection, and additional measures to protect against targeted attacks.
Google Assured Workloads is a service that helps organizations meet specific regulatory and compliance requirements by providing a controlled environment within Google Cloud Platform for sensitive and highly regulated workloads.
Google Cloud Firewall is a network security solution that controls incoming and outgoing traffic to and from virtual machine instances in Google Cloud Platform, allowing administrators to define and enforce firewall rules.
Hybrid cloud is a computing environment that combines public cloud services with on-premises infrastructure.
Microsoft Defender External Attack Surface Management is a security solution that helps organizations identify and mitigate risks associated with their external attack surface.
Next-gen antivirus (NGAV) is an advanced security solution that uses behavioral analysis, machine learning, and threat intelligence to detect and prevent sophisticated malware and advanced threats in real-time.
The Sarbanes-Oxley Act of 2002 (SOX) is a US federal law that promotes accurate financial reporting and corporate governance for public companies.
Shielded VMs are a security feature that protects virtual machines in Azure and Windows Server by preventing tampering and unauthorized access to the underlying infrastructure.
AWS PCA is a managed service for creating and managing private certificate authorities, facilitating the issuance and management of digital certificates in AWS.
AWS RAM (Resource Access Manager) is a service that allows secure sharing of AWS resources across multiple AWS accounts without the need for duplication or complex permission management.
Azure AD DS is a managed domain service in Azure for identity and access management, combining on-premises and cloud resources using Active Directory tools.
Azure App Configuration is a centralized service in Azure for managing and storing application settings and feature flags, allowing for dynamic configuration updates without redeployment.
Azure Archive Storage is a low-cost, long-term storage solution for infrequently accessed data.
Azure Backup is a cloud-based data protection service in Azure that offers reliable backup and recovery for virtual machines, servers, and Azure resources.
Azure Data Box is a physical appliance for fast and secure large-scale data transfer to and from the cloud.
Azure DDoS Protection safeguards Azure-hosted applications and resources from DDoS attacks by employing monitoring, analysis, and mitigation techniques.
Azure Disk Storage is a managed cloud storage service in Microsoft Azure that provides durable and high-performance block storage for virtual machines (VMs) and other Azure services, enabling reliable storage for operating systems, applications, and data with options for scalability, redundancy, and performance optimization.
Azure Files is a cloud-based file storage service provided by Microsoft Azure that offers fully managed file shares accessible over the Server Message Block (SMB) protocol, allowing organizations to store and access files from anywhere and integrate seamlessly with Azure services and on-premises environments.
Azure Firewall Manager is a centralized security management service in Microsoft Azure that enables organizations to configure, manage, and monitor multiple Azure Firewall instances across different Azure subscriptions and regions from a single, unified interface.
AWS Elastic Disaster Recovery is a solution provided by Amazon Web Services that allows organizations to quickly and efficiently recover their critical IT systems and data in the event of a disaster, ensuring business continuity and minimizing downtime.
Amazon Athena is a serverless query service in AWS that enables easy analysis of data stored in Amazon S3 using standard SQL queries without the need for infrastructure management.
Azure Data Lake Storage is a cloud-based storage service by Microsoft Azure that enables scalable and secure storage of large amounts of data for analytics, processing, and insights generation.
CPRA, or the California Privacy Rights Act, is a California state law that enhances consumer privacy rights by expanding regulations on data collection, processing, and sharing, and establishing stricter requirements for businesses in relation to data protection and user privacy.
Ciphertext is the encrypted form of plaintext, which is the regular, unencrypted text.
DevOps unites development and operations teams, enhancing collaboration that speeds up software releases while ensuring quality.
A VPC is a virtual network infrastructure within a public cloud environment that offers customizable network configuration and security, allowing organizations to securely deploy and manage their cloud resources.
CCPA is a privacy law in California that gives residents rights over their personal information and imposes obligations on businesses regarding data collection, use, and sale, aiming to enhance consumer privacy and control over personal data.
HIPAA is a US federal law that sets privacy and security standards for protecting sensitive patient health information, ensuring its confidentiality and integrity in healthcare settings.
PCI DSS, or Payment Card Industry Data Security Standard, is a set of security requirements established by the major credit card companies to ensure the secure handling, processing, and storage of payment card data. It outlines best practices for protecting cardholder information, including network security, data encryption, access controls, regular monitoring, and compliance validation to prevent data breaches and maintain the integrity of cardholder data.
PHI, or Protected Health Information, refers to any individually identifiable health information that is created, received, or maintained by a covered entity (such as healthcare providers, health plans, or healthcare clearinghouses) and relates to a person's past, present, or future physical or mental health, treatment, or payment for healthcare services.
PII, or Personally Identifiable Information, refers to any data that can be used to identify or distinguish an individual, such as names, social security numbers, addresses, or biometric records.
Antivirus software defends against, detects, and removes malware on computers, servers, and devices.
Advanced Persistent Threat (APT) is a sophisticated and prolonged cyber attack conducted by skilled adversaries with significant resources, involving stealthy tactics to gain unauthorized access and extract valuable information or control over compromised systems.
Authentication is the process of verifying the identity of a user or entity before granting access, safeguarding against unauthorized access and impersonation attempts.
Authorization involves granting or denying access to resources based on user permissions, ensuring only authorized individuals or entities can access specific information or perform certain actions.
Encryption converts readable data to ciphertext for secure transmission and storage, preventing unauthorized access or tampering.
Public cloud security involves implementing measures to protect data, applications, and infrastructure in a shared cloud environment, ensuring authentication, access controls, encryption, and monitoring are in place to prevent unauthorized access and data breaches.
Container security involves implementing measures to protect the integrity and isolation of containerized applications and their underlying infrastructure. It focuses on mitigating vulnerabilities, enforcing access controls, monitoring runtime behavior, and ensuring secure container image management to prevent unauthorized access, data breaches, and malicious activities.
HIPAA, enacted in 1996, safeguards US health data privacy and security, securing individuals' health information.
PCI DSS is a security standard created by major credit card firms to safeguard cardholder data.
CCPA is California's privacy law, effective January 1, 2020, that safeguards consumer data in the United States.
GDPR is an extensive EU data protection law. It empowers individuals with data control and unifies EU regulations.
SaaS is a cloud model where a third-party provider delivers software via internet subscriptions.
Security Orchestration, Automation, and Response (SOAR) products are tools that help organizations automate and streamline their incident response processes.
Understanding your organization’s security posture helps you get a clear picture of how secure your business is when facing cyber threats from internal and external sources.
A Security Operation Center (SOC) is a dedicated team or department within an organization that is responsible for monitoring and managing the organization's security posture.
SIEM products are tools that help organizations monitor and analyze their security posture in real-time.
SaaS Security Posture Management (SSPM) refers to automated security tools that allow for constant monitoring of cloud-based SaaS applications. These tools identify misconfigurations, excessive user permissions, and unnecessary user accounts, helping IT and security teams to ensure compliance with internal policies and external regulations.
Private cloud is a type of cloud computing that delivers services, such as storage, computing, and networking, over the internet, but in a way that is dedicated to a single organization.
PaaS is a cloud model where a third-party provider offers a platform for developing, deploying, and managing applications via the internet.
Microsoft Sentinel is a powerful security platform that helps organizations detect and respond to threats in real-time.
Microsoft Defender for Cloud is a powerful security tool that helps organizations protect their cloud environments against a wide range of threats.
Kubernetes is an open-source system for automating containerized app deployment, scaling, and management.
Microsoft Azure Bastion is a service that allows you to securely and seamlessly connect to your Azure virtual machines (VMs) over Remote Desktop Protocol (RDP) and Secure Shell (SSH).
IaaS is a cloud model where a provider offers computing, networking, and storage via the internet.
Homomorphic encryption is an encryption technique that allows users to perform mathematical operations on encrypted data, without accessing the encryption key.
GCP is a powerful and flexible cloud computing platform that provides businesses with the tools and infrastructure they need to build, deploy, and scale applications and websites quickly and easily.
Google Secret Manager is a secure, scalable, and easy-to-use secrets management service provided by Google Cloud Platform.
DynamoDB, provided by Amazon Web Services (AWS), is a completely managed NoSQL database service.
Data Security Compliance is a process that defines protocols, procedures and policies to ensure that sensitive data is protected.
Data Loss Prevention refers to tools that prevent employees or users from sending sensitive or confidential data outside the company’s network.
Data engineering is the practice of designing, building, and maintaining the infrastructure and processes needed to store, transform, and analyze data.
The Data Encryption Standard (DES) is a symmetric-key block cipher algorithm that was first published by the National Institute of Standards and Technology (NIST) in 1977.
Cloud vulnerabilities refer to weaknesses or gaps in the security of cloud computing systems that could potentially be exploited.
Cloud Security Posture Management (CSPM) refers to security tools that are used to detect misconfiguration and compliance issues in cloud infrastructures. The primary use of CSPM solutions is to constantly monitor cloud infrastructure for any gaps in security measures or compliance issues.
Cache poisoning is a type of attack in which an attacker is able to inject malicious data into a cache, often a DNS cache.
Azure Blob Storage is a powerful and scalable solution for storing and managing large amounts of unstructured data in the cloud.
Azure Key Vault is a security service offered by Microsoft Azure. It is designed to help customers securely store and manage their cryptographic keys, secrets, and certificates.
Azure AD is a powerful tool for managing user identities, access to resources, and security for applications and services within an organization.
AWS Storage Gateway is a powerful and convenient service for storing and retrieving data from on-premises storage systems using the AWS Cloud.
Amazon Web Services (AWS) offers AWS Shield as a security service for safeguarding resources.
AWS Security Hub is a security management service offered by Amazon Web Services (AWS).
AWS Organizations is a feature of the Amazon Web Services (AWS) platform that allows you to centralize billing, account management, and access control for multiple AWS accounts.
AWS Network Firewall is a managed network security service that provides inbound and outbound traffic filtering for Amazon Virtual Private Clouds (VPCs).
AWS Lambda is a serverless compute service that runs code in response to events, managing resources for you.
AWS IAM, or Amazon Web Services Identity and Access Management, ensures secure resource access and management within the AWS platform.