Cloud Data Security Glossary

Explore commonly used Cloud Data Security terms.

Sort Alphabetically

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

Role Based Access Control

Role-based access control (RBAC) is a security model that assigns permissions and privileges to users based on their roles within an organization, streamlining access management and ensuring appropriate data and system access.

Packet Mirroring

Packet mirroring is a networking technique that involves duplicating and redirecting network traffic to a monitoring or analysis tool for inspection. It allows for real-time monitoring, analysis, and troubleshooting of network traffic by creating a copy of packets and forwarding them to designated monitoring devices without impacting the normal flow of network traffic.

Data Localization

Data localization refers to the practice of storing and processing data within specific geographic boundaries, typically mandated by legal or regulatory requirements. It aims to ensure data remains within the jurisdiction of a particular country or region, often for reasons such as data protection, privacy, or compliance with local laws.

Data Lineage

Data lineage refers to the historical record or lineage of a data element, tracking its origins, transformations, and movements throughout its lifecycle. It provides a detailed understanding of how data flows and changes within an organization, enabling traceability, data quality analysis, and compliance with regulations.

AWS Artifact

AWS Artifact is a centralized portal provided by Amazon Web Services (AWS) that offers on-demand access to AWS compliance reports and other relevant documentation. It provides a secure and convenient way for AWS customers to access and download compliance reports, such as SOC (Service Organization Control) reports, PCI DSS (Payment Card Industry Data Security Standard) documents, and various other industry-specific certifications and attestations.

Amazon Quantum Ledger Database

Amazon Quantum Ledger Database (QLDB) is a fully managed and transparently immutable database service by AWS. It utilizes blockchain technology to provide an auditable and tamper-proof ledger of all database transactions and changes, ensuring data integrity and enabling secure and verifiable applications.

Amazon Macie

Amazon Macie is an AWS service that uses machine learning to automatically detect, classify, and safeguard sensitive data stored in the cloud, helping organizations maintain data security and compliance. It identifies and alerts on potential data breaches, monitors data access patterns, and provides actionable insights to protect valuable information.

Amazon EBS

Amazon Elastic Block Store (EBS) is a block-level storage service for Amazon EC2 instances, offering durable and reliable virtual hard drives that can be easily attached, detached, and resized. It provides persistent storage volumes with automatic data replication within a specific Availability Zone, ensuring data durability and flexibility for EC2 instances.

Amazon CloudWatch

Amazon CloudWatch is a monitoring and observability service provided by Amazon Web Services (AWS). It allows users to collect and track metrics, collect and monitor log files, set alarms, and visualize and analyze data from various AWS resources and applications. CloudWatch provides a centralized platform for monitoring the health, performance, and availability of AWS resources and applications, enabling users to gain insights, troubleshoot issues, and optimize the performance of their AWS infrastructure.

Data Science

Data science encompasses the interdisciplinary field that uses scientific methods, processes, algorithms, and systems to extract knowledge and insights from structured and unstructured data. It combines elements of statistics, mathematics, programming, and domain expertise to collect, analyze, and interpret data, ultimately providing actionable insights and solutions for business or scientific purposes.

Data Mining

Data mining refers to the process of extracting valuable insights, patterns, and knowledge from large datasets. It involves the application of various statistical and machine learning techniques to uncover hidden patterns, correlations, and trends within the data, enabling organizations to make informed decisions and predictions.

Data Integrity

Data integrity refers to the accuracy, consistency, and reliability of data throughout its lifecycle, ensuring that information remains complete, unaltered, and valid. It involves maintaining the integrity of data from creation to storage and retrieval, safeguarding against unauthorized modifications, corruption, or loss.

PCI

PCI is a security standard created by major credit card firms (Visa, MasterCard, American Express) to safeguard cardholder data. Learn more.

Data Warehouse

A data warehouse is a centralized repository that stores structured, organized, and processed data from various sources. It is designed for efficient querying and analysis, providing a foundation for business intelligence and reporting.

Data Lake

A data lake represents a modern method for data storage and management, which is distinct from conventional systems. Read more.

Azure NetApp Files

Azure NetApp Files is a fully-managed Azure service that provides high-performance, enterprise-grade file storage capabilities, allowing users to easily deploy and manage shared file systems in the Azure cloud environment.

Binary Authorization

Binary Authorization is a security feature in Google Cloud Platform that enforces policies to ensure only authorized and digitally signed container images are deployed, enhancing the overall security of containerized workloads.

Chronicle Security Operations

Chronicle Security Operations is a platform provided by Google Cloud that offers advanced threat detection, investigation, and remediation capabilities, empowering organizations to enhance their security posture and effectively respond to cyber threats.

Continuity of Operations Plan

A Continuity of Operations Plan (COOP) ensures organizations can continue critical functions during and after disruptions or disasters.

GCP Access Transparency and Access Approval

GCP Access Transparency provides logs of data access by Google teams, while GCP Access Approval manages access requests to GCP resources.

Google Advanced Protection Program

Google Advanced Protection Program is a security initiative that provides enhanced safeguards for Google accounts, including stronger authentication methods, proactive phishing and malware protection, and additional measures to protect against targeted attacks.

Google Assured Workloads

Google Assured Workloads is a service that helps organizations meet specific regulatory and compliance requirements by providing a controlled environment within Google Cloud Platform for sensitive and highly regulated workloads.

Google Cloud Firewall

Google Cloud Firewall is a network security solution that controls incoming and outgoing traffic to and from virtual machine instances in Google Cloud Platform, allowing administrators to define and enforce firewall rules.

Hybrid Cloud

Hybrid cloud is a computing environment that combines public cloud services with on-premises infrastructure.

Microsoft Defender External Attack Surface Management

Microsoft Defender External Attack Surface Management is a security solution that helps organizations identify and mitigate risks associated with their external attack surface.

Next Gen Antivirus

Next-gen antivirus (NGAV) is an advanced security solution that uses behavioral analysis, machine learning, and threat intelligence to detect and prevent sophisticated malware and advanced threats in real-time.

Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 (SOX) is a US federal law that promotes accurate financial reporting and corporate governance for public companies.

Shielded VMs

Shielded VMs are a security feature that protect virtual machines in Azure and Windows Server by preventing tampering and unauthorized access to the underlying infrastructure.

AWS Private Certificate Authority

AWS PCA is a managed service for creating and managing private certificate authorities, facilitating the issuance and management of digital certificates in AWS.

AWS Resource Access Manager

AWS RAM (Resource Access Manager) is a service that allows secure sharing of AWS resources across multiple AWS accounts without the need for duplication or complex permission management.

Azure AD DS

Azure AD DS is a managed domain service in Azure for identity and access management, combining on-premises and cloud resources using Active Directory tools.

Azure App Configuration

Azure App Configuration is a centralized service in Azure for managing and storing application settings and feature flags, allowing for dynamic configuration updates without redeployment.

Azure Archive Storage

Azure Archive Storage is a low-cost, long-term storage solution for infrequently accessed data.

Azure Backup

Azure Backup is a cloud-based data protection service in Azure that offers reliable backup and recovery for virtual machines, servers, and Azure resources.

Azure Data Box

Azure Data Box is a physical appliance for fast and secure large-scale data transfer to and from the cloud.

Azure DDoS Protection

Azure DDoS Protection safeguards Azure-hosted applications and resources from DDoS attacks by employing monitoring, analysis, and mitigation techniques.

Azure Disk Storage

Azure Disk Storage is a managed cloud storage service in Microsoft Azure that provides durable and high-performance block storage for virtual machines (VMs) and other Azure services, enabling reliable storage for operating systems, applications, and data with options for scalability, redundancy, and performance optimization.

Azure Files

Azure Files is a cloud-based file storage service provided by Microsoft Azure that offers fully managed file shares accessible over the Server Message Block (SMB) protocol, allowing organizations to store and access files from anywhere and integrate seamlessly with Azure services and on-premises environments.

Azure Firewall Manager

Azure Firewall Manager is a centralized security management service in Microsoft Azure that enables organizations to configure, manage, and monitor multiple Azure Firewall instances across different Azure subscriptions and regions from a single, unified interface.

AWS Elastic Disaster Relief

AWS Elastic Disaster Recovery is a solution provided by Amazon Web Services that allows organizations to quickly and efficiently recover their critical IT systems and data in the event of a disaster, ensuring business continuity and minimizing downtime.

Amazon Athena

Amazon Athena is a serverless query service in AWS that enables easy analysis of data stored in Amazon S3 using standard SQL queries without the need for infrastructure management.

Azure Data Lake Storage

Azure Data Lake Storage is a cloud-based storage service by Microsoft Azure that enables scalable and secure storage of large amounts of data for analytics, processing, and insights generation.

California Privacy Rights Act (CPRA)

CPRA, or the California Privacy Rights Act, is a California state law that enhances consumer privacy rights by expanding regulations on data collection, processing, and sharing, and establishing stricter requirements for businesses in relation to data protection and user privacy.

Cyphertext

Ciphertext is the encrypted form of plaintext, which is the regular, unencrypted text. Learn more.

DevOps

DevOps unites development and operations teams, enhancing collaboration that speeds up software releases while ensuring quality. Find out more.

Knative

Knative is an open-source platform to develop and deploy serverless apps. Learn more.

Virtual Private Cloud (VPC)

A VPC is a virtual network infrastructure within a public cloud environment that offers customizable network configuration and security, allowing organizations to securely deploy and manage their cloud resources.

California Consumer Privacy Act (CCPA)

CCPA is a privacy law in California that gives residents rights over their personal information and imposes obligations on businesses regarding data collection, use, and sale, aiming to enhance consumer privacy and control over personal data.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a US federal law that sets privacy and security standards for protecting sensitive patient health information, ensuring its confidentiality and integrity in healthcare settings.

MongoDB

MongoDB is a widely used open-source database management system. Learn more.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS, or Payment Card Industry Data Security Standard, is a set of security requirements established by the major credit card companies to ensure the secure handling, processing, and storage of payment card data. It outlines best practices for protecting cardholder information, including network security, data encryption, access controls, regular monitoring, and compliance validation to prevent data breaches and maintain the integrity of cardholder data.

Protected Healthcare Information (PHI)

PHI, or Protected Health Information, refers to any individually identifiable health information that is created, received, or maintained by a covered entity (such as healthcare providers, health plans, or healthcare clearinghouses) and relates to a person's past, present, or future physical or mental health, treatment, or payment for healthcare services.

Personally Identifiable Information (PII)

PII, or Personally Identifiable Information, refers to any data that can be used to identify or distinguish an individual, such as names, social security numbers, addresses, or biometric records.

Anti-virus

Antivirus software defends against, detects, and removes malware on computers, servers, and devices. Find out more.

Advanced Persistent Threat (APT)

Advanced Persistent Threat (APT) is a sophisticated and prolonged cyber attack conducted by skilled adversaries with significant resources, involving stealthy tactics to gain unauthorized access and extract valuable information or control over compromised systems.

Authentication

Authentication is the process of verifying the identity of a user or entity before granting access, safeguarding against unauthorized access and impersonation attempts.

Authorization

Authorization involves granting or denying access to resources based on user permissions, ensuring only authorized individuals or entities can access specific information or perform certain actions.

Encryption

Encryption converts readable data to ciphertext for secure transmission, and storage, preventing unauthorized access or tampering. Learn more.

Public Cloud

Public cloud security involves implementing measures to protect data, applications, and infrastructure in a shared cloud environment, ensuring authentication, access controls, encryption, and monitoring are in place to prevent unauthorized access and data breaches.

Container Security

Container security involves implementing measures to protect the integrity and isolation of containerized applications and their underlying infrastructure. It focuses on mitigating vulnerabilities, enforcing access controls, monitoring runtime behavior, and ensuring secure container image management to prevent unauthorized access, data breaches, and malicious activities.

HIPAA

HIPAA, enacted in 1996, safeguards US health data privacy and security, securing individuals' health information. Read more.

PCI-DSS

PCI DSS is a security standard created by major credit card firms to safeguard cardholder data. Read more.

CCPA

CCPA is California's privacy law, effective January 1, 2020, that safeguards consumer data in the United States. Read more.

GDPR

GDPR is an extensive EU data protection law. It empowers individuals with data control and unifies EU regulations. Find out more.

SaaS

SaaS is a cloud model where a third-party provider delivers software via internet subscriptions. Learn more.

Security Orchestration, Automation, and Response (SOAR)

Security Orchestration, Automation, and Response (SOAR) products are tools that help organizations automate and streamline their incident response processes.

Security Posture Management

Understanding your organization’s security posture helps you get a clear picture of how secure your business is when facing cyber threats from internal and external sources.

Shadow Data

Understanding Shadow Data, and the risks it poses to cloud environments

Security Operation Center (SOC)

A Security Operation Center (SOC) is a dedicated team or department within an organization that is responsible for monitoring and managing the organization's security posture.

Security and Information Event Management (SIEM)

SIEM products are tools that help organizations monitor and analyze their security posture in real-time.

SaaS Security Posture Management

SaaS Security Posture Management (SSPM) are automated security tools that allow for constant monitoring of cloud-based SaaS applications. These tools identify misconfigurations, excessive user permissions, and unnecessary user accounts, helping IT and security teams to ensure compliance with internal policies and external regulations.

Private Cloud

Private cloud is a type of cloud computing that delivers services, such as storage, computing, and networking, over the internet, but in a way that is dedicated to a single organization.

PaaS

PaaS is a cloud model where a third-party provider offers a platform for developing, deploying, and managing applications via the internet. Learn more.

Microsoft Sentinel

Microsoft Sentinel is a powerful security platform that helps organizations detect and respond to threats in real-time.

Microsoft Defender for Cloud

Microsoft Defender for Cloud is a powerful security tool that helps organizations protect their cloud environments against a wide range of threats.

Kubernetes

Kubernetes is an open-source system for automating containerized app deployment, scaling, and management. Read more.

Microsoft Azure Bastion

Microsoft Azure Bastion is a service that allows you to securely and seamlessly connect to your Azure virtual machines (VMs) over Remote Desktop Protocol (RDP) and Secure Shell (SSH)

IaaS

IaaS is a cloud model where a provider offers computing, networking, and storage via the internet. Find out more.

Homomorphic Encryption

Homomorphic encryption is an encryption technique that allows users to perform mathematical operations on encrypted data, without accessing the encryption key.

Google Cloud Platform

GCP is a powerful and flexible cloud computing platform that provides businesses with the tools and infrastructure they need to build, deploy, and scale applications and websites quickly and easily.

GCP Secrets Manager

Google Secret Manager is a secure, scalable, and easy-to-use secrets management service provided by Google Cloud Platform

DynamoDB

DynamoDB, provided by Amazon Web Services (AWS), is a completely managed NoSQL database service. Learn more.

Data Security Compliance

Data Security Compliance is a process that defines protocols, procedures and policies to ensure that sensitive data is protected

Data Loss Prevention

Data Loss Prevention refers to tools that prevent employees or users from sending sensitive or confidential data outside the company’s network. Learn more.

Data Engineering

Data engineering is the practice of designing, building, and maintaining the infrastructure and processes needed to store, transform, and analyze data.

Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key block cipher algorithm that was first published by the National Institute of Standards and Technology (NIST) in 1977.

Cloud Vulnerabilities

Cloud vulnerabilities refer to weaknesses or gaps in the security of cloud computing systems that could potentially be exploited

Cloud Security Posture Management

Cloud Security Posture Management (CSPM) refers to security tools that are used to detect misconfiguration and compliance issues in cloud infrastructures. The primary use of CSPM solutions is to constantly monitor cloud infrastructure for any gaps in security measures or compliance issues.