Cloud Security Glossary
A plain-language reference for cloud security terms across AWS, Azure, and Google Cloud.
39 terms across 10 categories
Core Concepts
Cloud Security
Set of policies, technologies, and controls designed to protect cloud-based systems, data, and infrastructure from cyber threats.
Shared Responsibility Model
Security framework in which the cloud provider secures the underlying infrastructure while the customer secures their own data, applications, and configurations built on top of it.
Cloud Security Posture Management (CSPM)
Automated tools and processes that identify misconfigurations and compliance violations in cloud environments.
Zero Trust Network Access (ZTNA)
Security model that requires verification for every user and device before granting network access, regardless of location.
Multi-Cloud Security
Security strategies and tools designed to protect workloads and data across multiple cloud providers (AWS, Azure, GCP).
Cloud Workload Protection Platform (CWPP)
Security solution designed to protect workloads in cloud environments, including VMs, containers, and serverless functions.
Access Control
IAM (Identity and Access Management)
Framework for managing digital identities and controlling access to cloud resources based on user roles and permissions.
RBAC (Role-Based Access Control)
Access control method that assigns permissions to users based on their role within an organisation.
MFA (Multi-Factor Authentication)
Security method requiring two or more verification factors to gain access to cloud resources.
SSO (Single Sign-On)
Authentication service allowing users to access multiple applications with one set of login credentials.
Privileged Access Management (PAM)
Security strategy for controlling and monitoring access to critical systems and sensitive data by privileged users.
Network Security
VPC (Virtual Private Cloud)
Isolated section of cloud infrastructure where you can launch resources in a logically separated network.
Network Segmentation
Practice of dividing a network into smaller segments to limit the spread of an attack and improve security monitoring.
Web Application Firewall (WAF)
Security solution that monitors and filters HTTP traffic between a web application and the internet to block malicious requests.
DDoS Protection
Security measures designed to protect against Distributed Denial of Service attacks that overwhelm systems with traffic.
VPN (Virtual Private Network)
Encrypted connection between networks that allows secure communication over public internet infrastructure.
Data Protection
Encryption at Rest
Data protection method that encrypts stored data to prevent unauthorized access even if the storage media are compromised.
Encryption in Transit
Data protection method that encrypts data while it moves between systems, applications, or networks.
Key Management Service (KMS)
Cloud service for creating, managing, and controlling cryptographic keys used for data encryption.
Data Loss Prevention (DLP)
Security strategy and tools designed to prevent sensitive data from leaving the organisation without authorisation.
Data Classification
Process of organizing data by sensitivity level to apply appropriate security controls and access restrictions.
Application Security
Container Security
Security practices for protecting containerized applications including image scanning, runtime protection, and orchestration security.
Serverless Security
Security considerations specific to serverless computing including function-level permissions and event-driven vulnerabilities.
API Security
Security measures for protecting Application Programming Interfaces from attacks and unauthorized access.
DevSecOps
Practice of integrating security testing and controls throughout the software development and deployment process.
AWS Security Services
AWS GuardDuty
Amazon's threat detection service that monitors for malicious activity and unauthorized behavior in AWS accounts.
AWS CloudTrail
AWS service that logs API calls and user activity for governance, compliance, and security analysis.
AWS Config
AWS service that tracks resource configurations and evaluates compliance against desired configurations.
AWS Security Hub
Centralized dashboard for managing security findings from multiple AWS security services and third-party tools.
Azure Security Services
Azure Security Center
Microsoft's unified security management system providing threat protection across hybrid cloud workloads.
Azure Sentinel
Microsoft's cloud-native SIEM (Security Information and Event Management) solution for threat detection and response.
GCP Security Services
Google Cloud Security Command Center
Google's centralized security and risk management platform for Google Cloud Platform resources.
Monitoring & Response
Security Information and Event Management (SIEM)
Technology that aggregates and analyzes security data from multiple sources to detect threats and support incident response.
Security Orchestration, Automation and Response (SOAR)
Technologies that automate security operations tasks and orchestrate responses to security incidents.
Cloud Security Monitoring
Continuous observation of cloud infrastructure and applications to detect security threats and compliance violations.
Risk Management
Vulnerability Assessment
Systematic examination of systems to identify security weaknesses that could be exploited by attackers.
Penetration Testing
Authorized simulated cyber attack against cloud infrastructure to evaluate security posture and identify vulnerabilities.
Cloud Security Audit
Systematic examination of cloud security controls, configurations, and practices against established standards and regulations.
Risk Assessment
Process of identifying, analyzing, and evaluating security risks to cloud infrastructure and applications.