Cloud security posture management (CSPM) is an IT security solution that monitors cloud-based systems and infrastructure to pinpoint misconfigurations, compliance violations, and other potential vulnerabilities in cloud services, web applications, and resources. CSPM solutions provide visibility and policy enforcement to reduce overall risk.
Cloud security is a family of security policies, procedures, tools, and technologies designed to protect users, sensitive data, apps, and infrastructure in cloud computing environments. The most comprehensive cloud security solutions span workloads, users, and SaaS resources to protect them from data breaches, malware, and other security threats.
A cloud access security broker (CASB) is an enforcement point that sits between cloud application users and cloud services to provide data protection and threat protection services. CASBs automatically prevent sensitive data leakage, stop malware and other threats, discover and control shadow IT, block risky sharing, enforce security policies such as authentication and alerting, and ensure compliance.
Trusted Internet Connections (TIC) 3.0 is a US federal government program focused on IT modernization and stronger security capabilities in federal network architectures. By encouraging adoption of cloud services and zero trust architecture for greater scalability and operational agility, TIC 3.0 fosters a more flexible, risk-based approach than previous versions of the TIC program, which depended heavily on hub-and-spoke networks and perimeter-centric security.
Workload protection is the aggregate of cloud security controls and protocols that secure workload communications between environments. Closely related to cloud workload security, workload protection mitigates vulnerabilities caused by inherent security risks such as misconfigurations. It’s also a key element of cloud security posture management (CSPM).
Zero trust architecture is a security architecture, based on the zero trust security model, built to reduce a network's attack surface, prevent lateral movement of threats, and lower the risk of a data breach. Such a model puts aside the traditional "network perimeter"—inside of which all devices and users are trusted and given broad permissions—in favor of least-privileged access controls, granular microsegmentation, and multifactor authentication (MFA).
A denial-of-service (DoS) attack is a cyberattack in which cybercriminals disrupt the service of an internet-connected host to its intended users. This is done by sending the targeted network or server a constant flood of traffic, such as fraudulent requests, which overwhelms the system and prevents it from processing legitimate traffic.
Infrastructure as code (IaC) security is the embedding of consistent, scalable cloud security coverage that helps to detect misconfiguration in code early in the software development life cycle to prevent vulnerabilities at runtime. It enables organizations to enforce security measures in IaC templates throughout their life cycle, be it in code repositories, continuous integration/continuous delivery (CI/CD) tools, or as early as the developer IDE.
Security as a service (SECaaS) is the delivery of security technologies—traditionally found in enterprise data centers or regional gateways—as a cloud service. With SECaaS, a service provider delivers security solutions such as email security, identity and access management (IAM), endpoint security, incident response, and others through a subscription-based model rather than hardware.
A software-defined wide area network (SD-WAN) is a network service that uses virtualization to connect an organization’s users to workloads across multiple transport services, such as multiprotocol label switching (MPLS) nodes, VPNs, broadband internet, LTE, and other existing network infrastructure. With automated traffic steering to optimize traffic, SD-WAN technology offers an efficient alternative to traditional WAN as organizations migrate away from on-premises data centers.
Multiprotocol label switching (MPLS) is a method of wide area networking (WAN) that routes traffic using labels—not network addresses—to determine the shortest possible path for packet forwarding. It labels each data packet and controls the path it follows rather than sending it from router to router through packet switching. It’s intended to minimize downtime, improve quality of service (QoS), and ensure traffic moves as quickly as possible.
A shared responsibility model is a cloud security and risk framework that delineates which cybersecurity processes and responsibilities lie with a cloud service provider (CSP) and which lie with the customer. With more IT architectures moving to the cloud, a shared responsibility model promotes tighter security and establishes accountability as it relates to the security of the cloud.