Cloud Computing: our glossary of 25 key words
Encryption ABC's
A new domain, a new language.
Cloud computing represents a new era in computing. It comes with its share of acronyms and new vocabulary. PRIM’X helps you make sense of this increasingly impenetrable jargon!
Anti-DDoS
Distributed Denial of Service (DDoS) attacks use thousands of software agents (bots) to overwhelm a website or application API, preventing legitimate users from accessing it. Anti-DDoS solutions detect and filter all data packets generated by bots.
Managed database
A database is considered managed when hosted and maintained by a third party. This is a key component of cloud providers’ PaaS (Platform as a Service) offerings. The service is invoiced per running time, input/output, and the amount of data stored.
BYOK
An acronym for “Bring Your Own Key”, an approach to encrypting resources in the cloud in which the company holds its own master encryption keys independently of the supplier. It can then implement its own HSM (Hardware Security Module) or choose a managed HSM in the cloud. Importantly, this does not mean your cloud provider cannot decrypt your data: it holds the final encryption keys. In this sense, the technique in no way guarantees confidentiality vis-à-vis the host company.
Hybrid cloud
A hybrid cloud architecture combines so-called on-premise resources installed on machines hosted by the company, with resources located at one or more public and/or private cloud service providers. Some virtualization solutions are available in both on-premise and cloud modes. This facilitates the migration of applications between the two worlds.
Private cloud
Hosting architecture using technical infrastructure owned by the company or by a third party such as a hosting company or colocation service provider. Despite this choice of infrastructure, the private cloud uses elements of industrialization from the public cloud.
Public cloud
Shared running infrastructure providing computing resources on a pay-as-you-go basis. The term covers services such as SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service).
Sovereign cloud
Public cloud infrastructure whose location and regulatory compliance are restricted to a specific geographical area and specific legislation. The proposed resources are protected from extraterritorial laws of other countries, such as the American Patriot Act or the Cloud Act.
Container
A virtualization mode that bundles software and its various components into a package that is easy to deploy from one machine to another. Unlike a virtual machine, the OS doesn’t have to be included in the container.
Edge Computing
A method of deploying IT resources at the edge. As opposed to the public cloud which centralizes resources in giant data centers, Edge advocates deployments as close as possible to needs, to limit network latency in particular.
Geo-replication
Distribution of data across several geographically separate datacenters. Such an architecture improves data access performance across different geographical zones, and reinforces the data's resilience if one of the datacenters is destroyed.
Hyperscaler
Global provider of public cloud solutions. Amazon Web Services, Microsoft Azure, Google Cloud Platform, Alibaba Cloud and OVHcloud are the main hyperscalers on the market.
IaaS (Infrastructure as a Service)
Provision of server instances in the cloud. These instances are generally billed according to the duration of use and the selected power. CPU, RAM, presence of a GPU: each element dictates the choice of cloud instance. The installation and maintenance of the OS and all the software are the responsibility of the customer, with the cloud provider simply supplying a virtual machine that meets the company’s requirements.
IAM (Identity Access Management)
An identity and access management platform secures all issues relating to user authorizations. The platform centralizes on-premise and/or cloud access data at a single point. IGA (Identity Governance & Administration) complements IAM with full identity lifecycle management.
KMS (Key Management System)
A key management system that manages encryption key and digital certificate lifecycles. This system can be coupled with an HSM (Hardware Security Module) to store keys with physical security.
Move to Cloud
Project to migrate on-premise IT resources to the public cloud. Several approaches are possible, including refactoring (redesigning the software architecture) of applications or “Lift and Shift”, simply moving the application as is.
Multi-tenant
The ability of a software application to be used by several different customers. The term is mainly used for SaaS applications (see below). It guarantees simplified administration. All solution customers will get software updates at the same time.
Multi-Cloud
A strategy based on the use of several different cloud providers depending on geographical location or the nature of IT resources.
PaaS (Platform as a Service)
Provision by the cloud provider of high-level resources such as application servers, container or database environments. Control of the infrastructure, the OS and these application bricks is the responsibility of the supplier.
SaaS (Software as a Service)
The provision of an application by a cloud provider. Maintenance in operational condition and availability of the software are entirely handled by the solution publisher, and the company only needs to manage the users who access the application.
SASE (Secure Access Service Edge)
A security model formalized by Gartner in which access security is provided through cloud services, including identity management and control of content exchanged on the network. The originality of the model lies in its permanent, “real-time” aspect: access authorizations granted at the time of connection are constantly reassessed.
SecNumCloud
Qualification granted by the ANSSI (French Information Systems Security Agency) to cloud service providers meeting highly complex and demanding specifications. This covers the security, confidentiality and sovereignty aspects of the proposed cloud solutions.
Serverless
Literally “serverless mode”, Serverless consists of using IT resources without the notion of servers. The application consumes computing resources, which are billed to the company according to the power actually used. The cloud provider is in charge of automatically provisioning the physical resources required, and the cost is zero when the resources are not used.
S3 object storage
As opposed to file-based storage, object storage allows applications to save data structures directly in the cloud. A service of this type is relevant to Big Data approaches where many types of data need to be stored in the same place. The S3 format, initiated by AWS, has become a de facto standard in the object storage market.
WAF (Web Application Firewall)
Firewall dedicated to protecting web applications. The role of this security brick is key in the cloud to protect the various resources used by company applications. In addition to simple network filtering, WAFs dedicated to cloud protection have been enriched by a host of additional features.
Your turn!
This list of terms will be expanded. Don’t hesitate to let us know about any vocabulary you don’t understand: our experts will give their definitions in the next versions.