Cloud security is broad and complex by nature – but it comes with a lot of specific terms and acronyms. That’s why we put together this continuously growing glossary of cloud security terms.
Use this as a guide to help you unravel the nuances of cloud security and successfully navigate through the field.
Agents are specialized software packages or applications that are deployed to a device or machine to complete security-related actions.
Agent-based security runs agents on your machines and devices. Once deployed, the agents collect data on vulnerabilities and other security flaws and send it back for review. Agent-based scanning is well suited to conditions with poor or intermittent network connectivity, since the agent can keep collecting locally and report when a connection is available.
Agentless scanning is a method of inspecting the vulnerabilities of a device without having to install software, instead reaching out from the server to the device.
Application Security (AppSec)
Application security involves the systems and security considerations set in place to protect applications after they are deployed. The goal is to find, fix and prevent cloud security issues.
An attack graph provides security teams with relevant information to protect their systems and network infrastructure from cyberattacks. It typically contains a series of paths, with each path denoting a series of exploits or atomic attacks. These can be used to simulate the possible paths an attacker will use to breach a network.
An attack path is a visual representation of the path that an attacker takes to exploit a weakness in a system. It includes the entire context of related risks and security issues to see and address potential weaknesses.
Attack Path Analysis
Attack path analysis gives a cloud owner a view of risks and exposed assets – specifically those at risk of or under attack – to help mitigate current cases and prevent attacks from taking place in the future. Attack path analysis can uncover new and unknown risks, rather than only those originating from known attack vectors.
Attack Path Engine
An attack path engine is a core graph technology that combines all of the necessary context of a cloud environment and matches it with offensive security research intelligence. It then puts the findings on a graph foundation for consistent and repeatable prioritization across a multi-cloud technology stack.
Attack surface is a much broader term than attack vector that describes all the potential vulnerabilities that your environment is susceptible to. It describes anywhere and everywhere that an attacker might be able to gain access, including known, unknown and potential threats.
An attack vector is the method used by an attacker to take advantage of a security mishap in a cloud environment with the goal of gaining unauthorized access, taking control of resources, exploiting vulnerabilities, or stealing valuable data. Common examples include: stealing or accessing sensitive credentials, elevating access to protected resources via privilege escalation, network misconfigurations that lead to undesired internet exposure, and poor encryption of assets. From there, attackers can use these vectors to gain access to your network through malicious code or other approaches.
Attack Vector Analysis
Attack vector analysis analyzes what security vulnerabilities and attack vectors you have and how attackers could use these to gain unauthorized access to your network.
Amazon Web Services (AWS)
AWS defines itself as “the world’s most comprehensive and broadly adopted cloud platform.” It offers over 200 services from its global data centers. Customers can use these services to build, deploy and manage applications, websites and other processes.
The cloud refers to software and services that run on the Internet, rather than locally on your computer. The cloud affords users the ability to access information on any device with an Internet connection, making it easy to store large volumes of information and making them readily accessible and available across users.
Cloud application refers to any software applications that are deployed in a cloud environment rather than locally on a server or machine.
Cloud architecture refers to the way individual technology components combine to build a cloud. In other words, it is the blueprint for building a cloud that pools and shares resources across a network.
Cloud computing is the delivery of different computing services including servers, storage, databases, networking, software, analytics and intelligence, over the Internet.
Cloud Infrastructure Entitlement Management (CIEM)
Not everyone at an organization needs access to single and multi-cloud environments. CIEM helps companies avoid risks from having too many privileged users.
Cloud-Native Application Protection Platform (CNAPP)
A CNAPP is an all-in-one platform that simplifies monitoring, detecting, and acting on potential cloud security risks and vulnerabilities. It offers the ability to scan all configurations and workloads at the development stage and protect workloads during runtime.
Cloud security refers to a collection of security measures designed to protect cloud-based infrastructure, applications, and data. Regulatory and compliance requirements are considered a component under this umbrella term as well.
Cloud Security Posture Management (CSPM)
CSPM is the name of a group of cloud security tools and technologies that help organizations reduce cloud risk. CSPM helps them find errors and misconfigurations, notice security or policy violations through threat detection, and then fix and patch any issues before an attack on cloud services can occur.
Cloud Service Provider (CSP)
A CSP is a third-party that provides cloud-based infrastructure, applications and storage services. Some examples include Google Cloud Platform, Amazon Web Services and Microsoft Azure.
Cloud visibility is the idea of an accurate view of everything that's happening inside your cloud environment, including the users who are accessing the environment, the data and assets being stored in the cloud, and the movement of traffic, data and policies as you use the cloud.
A cloud workload is a specific application, capability or amount of work that can be run on a single cloud resource. Databases, virtual machines and containers are all examples of cloud workloads.
Cloud Workload Protection (CWP)
CWP is the process of continuously monitoring and removing threats from cloud workloads.
Cloud Workload Protection Platform (CWPP)
A CWPP detects and removes threats from a cloud environment. It uses signature-based detection and behavioral anomaly detection to identify suspicious activity.
Common Vulnerabilities and Exposures (CVE)
CVE is a list of publicly disclosed computer security flaws, with each entry identified by a CVE ID. This helps both users and developers understand the risks behind a cloud environment and its configurations. But having no CVEs doesn’t necessarily mean you’re 100% secure.
In cloud security, containers can be used for running both small and large software processes. Every container needs binaries, libraries, configuration files and more. Container security ensures that every container-based system or workload is protected, including the container image, the running container and all other required steps.
Continuous Integration & Continuous Delivery (CI/CD)
DevOps teams use CI to create a consistent way to build code and to package and test applications. CD then automates the delivery of these applications to infrastructure environments. As application changes move through the CI/CD pipeline, automation allows changes to happen very quickly, without creating downtime or delays on the customer side.
Data Leaks & Breaches
A data leak can happen by mistake, while a data breach is a purposeful attack by a hacker who manages to brute force their way into your cloud environment or actively steal data in another way. While you may not be able to stop a data breach, a data leak happens because of a weakness on the inside.
DevOps is the combination of Development and Operations — reflecting the integration of these two functions into a single, more seamless process. This concept effectively unifies software development with the operations teams who deploy and support the code.
DevSecOps stands for development, security and operations. It expands the collaboration between development and operations teams to include security teams in software development and delivery.
Directory Traversal Attack
This is a very specific vulnerability that allows an attacker to read certain files that live on a server.
Dynamic Application Security Testing (DAST)
DAST is the process of assessing the security level of a web application through simulated attacks.
Dynamic remediation refers to the guardrails that suit your specific cloud environment, user access, and relevant permissions. These can be customized so that one blanket policy isn't applied to all identities and accounts.
Google Cloud Platform (GCP)
GCP is a suite of cloud computing services that companies can use to manage cloud projects and resources. This web-based interface allows developers to build, deploy and run applications on public, private and hybrid clouds.
A graph is essentially a map of your cloud environment. To create this graph, you need to build an explicit and well-defined relationship table stating all the possible links between assets and how these can be deduced from the data collected. The graph should be cross-platform, containing assets from across a multi-cloud environment.
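As an added example that is not part of the original glossary, the Python below ties together the attack graph, attack path and graph entries above: it builds a graph from a constructed relationship table of (asset, relationship, asset) rows, enumerates the attack paths from an internet-facing asset to a sensitive data store, and ranks the intermediate assets that the most paths run through, which is where a single fix removes the most paths. All asset names and relationships are invented for illustration.

```python
from collections import deque

# Constructed relationship table (source, relationship, target); the asset names are illustrative only.
RELATIONSHIPS = [
    ("internet", "reaches", "lb-public"),
    ("lb-public", "forwards-to", "vm-web"),
    ("vm-web", "assumes-role", "role-app"),
    ("role-app", "can-read", "bucket-customer-data"),
    ("vm-web", "can-ssh", "vm-batch"),
    ("vm-batch", "assumes-role", "role-admin"),
    ("role-admin", "can-read", "bucket-customer-data"),
    ("vm-internal", "assumes-role", "role-admin"),  # no inbound edge from the internet
]

def build_graph(rows):
    """Adjacency list: asset -> list of (relationship, next asset)."""
    graph = {}
    for src, rel, dst in rows:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])  # make sure sinks exist as nodes too
    return graph

def attack_paths(graph, start, target, max_hops=6):
    """Breadth-first search for every simple path from start to target, bounded by max_hops."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == target:
            paths.append(path)
            continue
        if len(path) - 1 >= max_hops:  # stop extending once the hop budget is spent
            continue
        for _rel, nxt in graph.get(node, []):
            if nxt not in path:  # never revisit an asset within one path
                queue.append(path + [nxt])
    return paths

def choke_points(paths):
    """Rank intermediate assets by how many attack paths pass through them (most first)."""
    counts = {}
    for path in paths:
        for asset in path[1:-1]:
            counts[asset] = counts.get(asset, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    found = attack_paths(build_graph(RELATIONSHIPS), "internet", "bucket-customer-data")
    print(*(" -> ".join(p) for p in found), sep="\n")
    print("choke points:", choke_points(found))
```

Assets that no internet-reachable path touches (here `vm-internal`) never appear in the output, which is what keeps the prioritization focused on exposure rather than on every misconfiguration in the estate.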
Hybrid Cloud Security
Hybrid cloud security refers to the protection of data, applications, and infrastructure across a combination of cloud environments and service providers.
Identity Access Management (IAM)
IAM is a framework that ensures the right users at an organization have access to the necessary technology resources. It allows organizations to manage employees' access to applications without logging in as an administrator — they can grant, maintain or revoke access remotely.
Indicators of Compromise (IoC)
IoCs provide forensic evidence to security professionals and system administrators regarding potential intrusions into a host system or network. Knowing there is a potential attack in progress helps teams remediate quickly and accurately.
Infrastructure as Code (IaC)
IaC is the process of managing your cloud infrastructure through code, replacing manual and time-consuming processes. With IaC, engineers and developers can manage data centers through machine-readable definition files instead of physical hardware configuration.
ISO 27001 is the only international standard that defines security management. It is designed to help organizations avoid security threats to their cloud environments.
Kubernetes (often abbreviated K8s) is an open-source container orchestration system that automates software deployment and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation.
Kubernetes Security Posture Management (KSPM)
KSPM is the set of tools and practices needed to automate security and compliance across Kubernetes clusters. It constantly scans and validates cluster configuration to ensure that best practices are being met.
Lateral movement in cybersecurity refers to the movement of an attacker when they are able to gain access to one part of a network and then attempt to move deeper into the rest of the network.
Least-Privileged Access (LPA)
LPA limits user access with a specific focus on system administrators. LPA ensures that only the necessary administrators have access to a system and aims to keep the number of users very low.
Log4Shell was a software vulnerability in Log4J, an open-source logging utility used by an enormous array of enterprise software, applications, and cloud services. This vulnerability is highly dangerous because it’s considered easy to exploit.
Malware is a catch-all term that refers to viruses, trojans, and other destructive computer programs hackers use to infect systems and networks to gain access to sensitive information.
Microsoft Azure is a public cloud computing platform that includes services developers can use for analytics, virtual computing, storage, networking and more.
National Vulnerability Database (NVD)
The NVD is the U.S. government repository of standards-based vulnerability information. This highly valuable data enables the automation of vulnerability management, security measurement and compliance. Each vulnerability is assigned a CVE ID so cloud security professionals can learn about it and use that knowledge to prepare for the future.
Path Traversal Attack
This is an attack that occurs when a hacker gains access to files and directories that are stored outside of the web root folder.
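The directory traversal and path traversal entries above describe the same weakness: a request path that, once joined onto the web root, points at a file outside it. The following Python is an added example, not code from the original page; it shows the vulnerable pattern next to a hardened resolver that decodes the request, normalises it and refuses anything that does not stay under a constructed `WEB_ROOT`.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # constructed web root for the example

def unsafe_resolve(user_path: str) -> str:
    """Vulnerable pattern: the request path is joined onto the web root and
    normalised, but nothing checks where the result lands, so a path built
    from '..' segments resolves to a file outside WEB_ROOT."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, user_path))

def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened resolver: decode, drop a leading '/', normalise, then require
    the result to be WEB_ROOT itself or a path beneath it. Anything else is
    rejected (None) so the handler can answer 403/404 and log the attempt."""
    # Decode percent-encoding first; otherwise an encoded separator or dot
    # segment is compared in encoded form and slips past the check.
    decoded = unquote(user_path)
    # A leading '/' would make posixpath.join discard WEB_ROOT entirely.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    root = posixpath.normpath(WEB_ROOT)
    # startswith(root + "/") rather than startswith(root): "/var/www/html2"
    # must not be accepted as a child of "/var/www/html".
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None

if __name__ == "__main__":
    for req in ["images/logo.png", "docs/../index.html", "../../../etc/hostname"]:
        print(f"{req!r}: unsafe -> {unsafe_resolve(req)}, safe -> {safe_resolve(req)}")
```

In a real handler, run the containment check on `os.path.realpath` of the candidate as well, because a symlink inside the root can point outside it and the purely lexical check above cannot see that.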
Principle of Least Privilege (PoLP)
The PoLP states that users should only be given the minimum privileges necessary to complete their tasks, improving security, reducing liability, increasing audit readiness, and preventing common attacks.
Remediation is the process of resolving threats to a cloud environment.
Root Cause Analysis (RCA)
RCA is the process of ultimately identifying the root problem of a vulnerability or risk. This process often includes looking closely at connected attack paths and removing the root cause so that attackers can't exploit an environment.
Runtime protection is the process of detecting and blocking attacks from inside running software. Runtime application self-protection (RASP) is a technology that runs on a server and starts when an application is running to detect application attacks in real time.
Service Organization Control 2 (SOC 2)
SOC 2 is an important compliance framework developed by the American Institute of Certified Public Accountants (AICPA). A SOC 2 report evaluates the security controls an organization uses and provides detailed information and assurance about those controls relevant to the AICPA Trust Services Criteria (TSC). While not necessarily a legal requirement, a SOC 2 report is considered table stakes in the SaaS industry.
Terraform is used for building, modifying and versioning your cloud infrastructure in a secure and efficient way, using IaC. It generates an execution plan from the current state to the desired infrastructure, applies the changes, and then keeps a record of what has been changed.
Trust Services Criteria (TSC)
The SOC 2 Trust Services Criteria (TSC) is a framework for implementing and monitoring technical system controls, ensuring that your application can secure customer data and be up and running when customers need it. The TSC are organized into five categories: security, availability, processing integrity, confidentiality, and privacy.
Workload scanning helps organizations discover and remediate security threats in their cloud deployments.
These definitions of key cloud security terms simplify many of the nuances in the field. Let us know if you have any questions or need help with a term not listed here!
With this list as your backup, you’ll feel confident using these terms in any security conversation.