Glossary of Cloud terms and acronyms

These are some of the terms we have used or been asked about in our seminars, training classes, workshops and assessment services. Like everything else about the Cloud, you may find alternate "definitions" of these terms in other sources. The Cloud is relatively new and rapidly evolving. New terms are constantly appearing, and the meanings of older terms sometimes morph as new technology and processes are developed by the companies and individuals leading the Cloud evolution. If you would like to suggest additional terms for our glossary, have corrections or better definitions, or any other comments, please use our Contact Us form, or email us at

When there is a common acronym, the entries in this table are alphabetical by the acronym instead of the longer form. For example, the entry "RNG (Random Number Generator)" is ordered by "RNG" and not "Random."


  1. 21CFR Part 11
  2. AES (Advanced Encryption Standard)
  3. API (Application Program Interface)
  4. Archive
  5. Asymmetric Key
  6. Availability
  7. BPaaS (Business Process as a Service)
  8. BPO (Business Process Outsourcing)
  9. Business Continuance
  10. CAPEX (Capital Expenditure)
  11. CCV (Credit card validation number)
  12. Cloud
  13. Cloud Burst
  14. Cloud Computing
  15. Cloud-in-a-Box
  16. Cloud Mashup
  17. Cloud Portability
  18. Cloud Service Provider
  19. Cloud Services
  20. Cloud Spanning
  21. Cloudsourcing
  22. Cloudstorming
  23. Cloudware
  24. COA (Cloud Oriented Architecture)
  25. Community Cloud
  26. Compliance
  27. Confidentiality
  28. Continuous Operations
  29. COOP (Continuity of Operations Plan)
  30. COTS (Commercial Off the Shelf)
  31. CSA (Cloud Service Architecture)
  32. CSP (Cloud Service Provider)
  33. DaR (Data at Rest)
  34. DARPA
  35. Data-in-Process
  36. DCT (Data Center Transformation)
  37. DES (Data Encryption Standard)
  38. DiM (Data in Motion)
  39. Discovery Order
  40. DoS (Denial of Service)
  41. DPD (Data Protection Directive)
  42. DR (Disaster Recovery)
  43. DRaaS (Disaster Recovery as a Service)
  44. DRP (Disaster Recovery Planning)
  45. EHR (Electronic Health Record)
  46. Encryption
  47. EPHI (Electronic Private Health Information)
  48. EPR (Electronic Patient Record)
  49. External Cloud
  50. FIPS (Federal Information Processing)
  51. FISMA (Federal Information Security Management Act)
  52. Forensics
  53. FTE (Full-Time Equivalent)
  54. Gartner
  55. GLBA (Gramm-Leach Bliley Act)
  56. HaaS (Hardware as a Service)
  57. HIPAA (Health Insurance Portability and Accountability Act)
  58. HITECH (Health Information Technology for Economic and Clinical Health Act)
  59. HPC (High Performance Computing)
  60. Hybrid Cloud
  61. IaaS (Infrastructure as a Service)
  62. IDA (Information Dispersal Algorithm)
  63. IDC (International Data Corporation)
  64. ILM (Information Lifecycle Management)
  65. Integrity
  66. Intercloud
  67. IP (Internet Protocol)
  68. IPSEC (Internet Protocol Security)
  69. IT (Information Technology)
  70. LAN (Local Area Network)
  71. MAC (Message Authentication Code)
  72. Malware
  73. MITS (Management of Information Technology Security)
  74. MRC (Mission Resilient Cloud)
  75. NAS (Network Attached Storage)
  76. NIST (National Institute of Standards and Technology)
  77. NOC (Network Operations Center)
  78. NSA (National Security Administration)
  79. OPEX (Operating Expenditure)
  80. PaaS (Platform as a Service)
  81. PAN (Principle Account Number)
  82. Pay-As-You-Go
  83. Pay-For-Use
  84. PCI-DSS (Payment Card Industry Data Security Standard)
  85. PCI SSC (Payment Card Industry Security Standards Council)
  86. Pilot
  87. PIN (Personal Identification Number)
  88. PIPEDA
  89. PKI (Public Key Infrastructure)
  90. POC (Proof of Concept)
  91. Privacy Laws
  92. Private Cloud
  93. PRNG (Pseudo-Random Number Generator)
  94. PSS (Perfect Secret Sharing)
  95. Public Cloud
  96. Public Key
  97. QoS (Quality of Service)
  98. QSA (Qualified Security Assessor)
  99. RCSS (Robust Computational Secret Sharing)
  100. Re-encrypt
  101. Rekey
  102. RFI (Request for Information)
  103. RFP (Request for Proposal)
  104. RFQ (Request for Quote)
  105. RNG (Random Number Generator)
  106. ROI (Return on Investment)
  107. RPO (Recovery-Point Objectives)
  108. RSA (Rivest-Shamir-Adleman)
  109. RTO (Recovery-Time Objectives)
  110. SaaS (Software as a Service)
  111. SAN (Storage Area Network)
  112. SDLC (Software Development Life Cycle)
  113. Secret Sharing
  114. SHA (Secure Hash Algorithm)
  115. Shared Resources
  116. Shared Secret
  117. SLA (Service Level Agreement)
  118. SOA (Service-Oriented Architecture)
  119. SOAP (Simple Object Access Protocol)
  120. SOC (Security Operations Center)
  121. Social Media
  122. SOX (Sarbanes–Oxley Act)
  123. SSL (Secure Socket Layer)
  124. ST&E (Security Test and Evaluation)
  125. Symmetric Key
  126. TCO (Total Cost of Ownership)
  127. TCP (Transmission Control Protocol)
  128. UCaaS (Unified Communication as a Service)
  129. UDP (User Datagram Protocol)
  130. Usage-Based Pricing
  131. Utility Pricing
  132. Vertical Cloud
  133. Virtual Image
  134. Virtualization
  135. VM (Virtual Machine)
  136. VOaaS (Virtual Office as a Service)
  137. VOIP (Voice over Internet Protocol)
  138. VOSIP (Voice over Secure Internet Protocol)
  139. VPC (Virtual Private Cloud)
  140. VPN (Virtual Private Network)
  141. VSS (Verifiable Secret Sharing)
  142. WAN (Wide Area Network)
  143. Web 2.0
  144. WEB API
  145. WebEx
  146. Web-based Applications
  147. Web Service
  148. XaaS (X as a Service)
  149. XML (Extensible Markup Language)

  • 21CFR Part 11

    Part 11 of Title 21 of the United States Code of Federal Regulations, sometimes abbreviated "21CFR11," is the US Food and Drug Administration (FDA) guideline on electronic records and electronic signatures that defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records. Part 11 requires industries like drug makers, medical device manufacturers, and biotech companies to implement controls over their electronic records and signatures.

  • AES (Advanced Encryption Standard)

    FIPS 197, NIST 800-38A
    Also known as Rijndael, AES is a block cipher encryption standard adopted by the U.S. and other governments. It has been analyzed extensively and is now used widely worldwide. AES is one of the most popular algorithms used in Symmetric Key cryptography. “AES” is often followed by a number, as in “AES-256”, which indicates the length of the key in bits.

  • API (Application Program Interface)

    An API is how one computer process (software) communicates with another. APIs may be standardized by industry agreement or government fiat, or proprietary to a specific application or vendor. The scope of the term API can vary based on its usage. It may refer to a single “call” by which one application can request information from another, the set of such calls for an application such as Google Maps, or the collection of all such application APIs used by an organization. In Cloud environments this is sometimes referred to as "Web API."

  • Archive

    An archive is a collection of historical records, sometimes including the place where they are stored. In IT, an archive refers to the electronic records that an organization maintains as historical records. How long a particular document or file is stored depends on regulations, laws, and corporate procedures. Archival storage is different from backup storage or other copies of current data kept for disaster recovery purposes.

  • Asymmetric Key

    Also known as public-key cryptography or public-key encryption. Unlike Symmetric Key encryption algorithms, asymmetric key encryption does not require a secure initial exchange of a key. The asymmetric key algorithms create a pair of keys: a secret private key and a published public key. A message or document encrypted with the private key can only be decrypted with the public key, and a message or document encrypted with the public key can only be decrypted with the private key. The receiver can verify the authenticity of a message encrypted with the sender's private key by using the sender's public key. If you send a message encrypted using someone's public key, then you know that only that person will be able to decrypt the message using his private key. Both of you will know the message was not altered. All of this only works if the private key is kept private.

  • Availability

    One of the three top concerns of those responsible for data security. Availability means that the data is available when it is needed. See also Confidentiality and Integrity.

  • BPaaS (Business Process as a Service)

    BPaaS is BPO run as a Cloud service. For example, human resources as a service. See also XaaS.

  • BPO (Business Process Outsourcing)

    Business process outsourcing is a form of outsourcing that involves contracting the operations and responsibility of a specific business function or process to a third-party service provider.

  • Business Continuance

    (See Disaster Recovery).

  • CAPEX (Capital Expenditure)

    A capital expenditure is when a business spends money to buy fixed assets or to add value to an existing fixed asset. Fixed assets have a useful life that extends beyond the taxable year. Most organizations have a minimum cost to designate a fixed asset. Capital expenditures cannot be deducted in the year they are incurred, but must be capitalized (depreciated) over years. For example, buying a copier is a capital expense, but buying paper and toner is an operational expense. See also OPEX.

  • CCV (Credit card validation number)

    The CCV is also known as the CSC (Card Security Code), CVD (Card Verification Data), CVV or CVV2 (Card Verification Value), or CVVC (Card Verification Value Code). It is a three- or four-digit number printed on the card, but not encoded in the card's magnetic stripe. It is usually printed on the back, but American Express prints it on the front of the card.

  • Cloud

    "Cloud" often refers to "Cloud Computing," but the simplest definition of "Cloud" is that it is the Internet: the infrastructure that allows vendors to supply computing, platform, software and services to their customers on a pay-as-you-go utility model.

  • Cloud Burst

    Cloud Burst has two meanings: one positive, and one negative.

    Positive: Cloud Burst, or Cloud Bursting, is the process of using Cloud Computing to handle excess demand or demand bursts beyond what your own data center or Private Cloud can support. Normally, your own infrastructure handles all of your processing, but when excess demand due to special sales activity, seasonal spikes, or other market drivers exceeds the capacity of your data center, you automatically shift that excess load to the Public Cloud. This mechanism is almost always substantially less expensive than increasing your own infrastructure to support the burst. See also Hybrid Cloud.

    Negative: The failure of a Cloud Computing environment due to its inability to handle demand bursts.

  • Cloud Computing

    Cloud computing uses the Internet to share resources, software and information on-demand, much like a public utility allows many people to share the same water or power system, paying only for what they need.

  • Cloud-in-a-Box

    Some companies offer a pre-packaged set of physical equipment including servers and storage configured to provide a Private Cloud environment. Often, the equipment comes in a single equipment rack, thus the "Cloud-in-a-Box" designation. While not really a Cloud implementation (since it doesn't provide "instant" scaling beyond the initial configuration capability), it is a good way to test a specific Cloud implementation prior to actually moving it to a Cloud Service Provider.

  • Cloud Mashup

    A cloud mashup occurs when one Cloud Service Provider uses another Cloud Service Provider internally as part of their offerings. This is, clearly, what the Cloud is all about, but it does complicate the security aspects that the Cloud customer needs to evaluate. See also Intercloud.

  • Cloud Portability

    Cloud portability is being able to easily move applications or other services from one Cloud Service Provider to another, or back to your own data center.

  • Cloud Service Provider

    (See CSP.)

  • Cloud Services

    Cloud Services are those consulting services provided by independent consulting organizations or by Cloud Service Providers to facilitate migration to the Cloud and the management of the Cloud for your business.

  • Cloud Spanning

    Cloud Spanning is running an application such that its different components straddle multiple Private and/or Public Cloud environments.

  • Cloudsourcing

    Cloudsourcing is running complete solutions for your business in the Public Cloud. The provider of Cloudsourcing products typically provides complete solutions including infrastructure, platform, and applications as a service. Cloudsourcing is an extension of business process outsourcing.

  • Cloudstorming

    Cloudstorming is the act of connecting multiple Cloud Computing environments.

  • Cloudware

    Cloudware is software that runs in or comes from the Cloud, usually referring to web-based applications. It is also sometimes used to refer to the platform that is in the Cloud in a PaaS environment.

  • COA (Cloud Oriented Architecture)

    A Cloud Oriented Architecture is an architecture for IT infrastructure and software applications that is optimized for use in cloud computing environments.

  • Community Cloud

    The Community Cloud is a Public Cloud that is limited to a specific set of organizations with similar security requirements. They can share infrastructure or even software solutions and realize the financial and agility benefits of Cloud Computing. Since there are fewer users to share the costs, this option is more expensive than a standard Public Cloud but less costly than each organization going it alone. By focusing on a single set of requirements, the Community Cloud CSP can offer a higher level of privacy, security and policy compliance. Perhaps more importantly, the CSP can have the trained staff that understands these security requirements, thus providing a more secure and consistent environment than each individual organization can likely afford. See also Private Cloud, Hybrid Cloud.

  • Compliance

    Compliance is the requirement that an organization meet the security requirements of the various privacy laws and other compliance directives and laws that apply to the organization's data.

  • Confidentiality

    One of the three top concerns of those responsible for data security. Confidentiality means that the data can be seen only by those people and processes that are allowed to see it. In some environments, this is made up of two separate components: "right to know" and "need to know." "Right to know" means that the individual has the appropriate clearance authorization or has the correct role in the organization. "Need to know" means that the individual is actually working on a project that requires access to this data. Both "right to know" and "need to know" are required. See also Availability and Integrity.

  • Continuous Operations

    Continuous Operations is the ability for IT services to be always on and available to provide survival of operations in the case of catastrophic events.

  • COOP (Continuity of Operations Plan)

    The COOP refers to the preparations and institutions maintained by an organization providing survival of operations in the case of catastrophic events. This term is usually used by government organizations.

  • COTS (Commercial Off the Shelf)

    COTS is a term for software or hardware, generally technology or computer products, that are ready-made and available for sale, lease, or license to the general public. They are often used as alternatives to one-off development projects, whether in-house, through consultants, or through contracts with suppliers. The use of COTS is often mandated in many organizations, as it may offer significant savings in procurement and maintenance cost, and in the time it takes to deploy the solution. On the negative side, COTS products by definition are not designed for one specific organization, and the organization often has to balance the cost of changing its processes to match the product against not getting exactly the results it desires.

  • CSA (Cloud Service Architecture)

    The Cloud Service Architecture is the architecture that allows multiple services in the Cloud to communicate with each other. The CSA might be defined by a Cloud Service Provider or by an application or operating environment vendor.

  • CSP (Cloud Service Provider)

    A Cloud Service Provider is a vendor who provides all or part of a particular Cloud implementation. It could be the infrastructure, platform, and/or applications or the tools or services to manage that implementation.

  • DaR (Data at Rest)

    DaR refers to data that is being stored somewhere. The data could be stored on physically fixed environments like a storage area network (SAN), network attached storage (NAS), or local disk, on readily movable devices like thumb drives and CD/DVD media, or stored remotely for Business Continuance, Disaster Recovery or Archive.


  • DARPA

    DARPA is the Defense Advanced Research Projects Agency, part of the US Department of Defense. It is the primary US military research agency, originally established in 1958 to prevent technological surprises like the Soviet launch of Sputnik. One of its best known projects was ARPANET, which grew into the Internet.

  • Data-in-Process

    Data in process refers to data while it is actually in a server or workstation. This is data that is in the actual processor registers or stack, the cache, and the memory. Over most of the history of IT, data-in-process has not been a security concern. However, with the Cloud, the physical servers are no longer under your physical control. Memory dumps, audits, and virtualization problems can expose data-in-process to attack.

  • DCT (Data Center Transformation)

    Data center transformation is the process by which the existing data center infrastructure can be used more effectively by techniques like virtualization of compute and storage resources, with the potential to significantly reduce the cost of the infrastructure and increase the flexibility to respond to workload distribution changes.

  • DES (Data Encryption Standard)

    DES is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard for the United States in 1976, and which has subsequently enjoyed widespread use internationally. The algorithm was initially controversial, with classified design elements, a relatively short key length, and suspicions about a government backdoor. DES consequently came under intense academic scrutiny, and motivated the modern understanding of block ciphers and their cryptanalysis. DES is now considered to be insecure for many applications. DES keys have been broken in less than 24 hours.  DES has largely been replaced by AES.

  • DiM (Data in Motion)

    DiM refers to data as it is moving through a network, whether a local network, a WAN (wide-area network), or the Internet. Network connections can be wired, requiring a physical connection to communicate, or wireless, requiring proximity to a transmitter/receiver. With satellites, “proximity” could mean “anywhere between the Arctic Circle and the Antarctic Circle.”

  • Discovery Order

    A Discovery Order is an order from a court requiring that an organization respond with all of the information related to a specific event or contract. Discovery Orders almost always include information stored in computer systems, including backup, audit and archive media.

  • DoS (Denial of Service)

    Sometimes referred to as a DDoS (Distributed Denial of Service). DoS is an attack on a computer resource to make that resource unavailable to its intended users. There are many forms of DoS attack, but the intent is to prevent an Internet site or service from functioning efficiently, or at all. DoS attacks are real attacks against an organization directed by individuals, organizations or often governments. Even if your organization is not the target of a DoS attack, you can be significantly impacted if one of your Cloud partners is attacked.

  • DPD (Data Protection Directive)

    (European Union). The EU Data Protection Directive is the overall EU privacy and human rights legislation. It includes regulations on cross-border transfer of personal data, especially outside of the EU. Its seven principles are:
    • Give notice when data is collected
    • Use only for the purpose collected
    • Obtain consent before disclosure
    • Keep secure from potential abuse
    • Must disclose who is collecting
    • Subject is allowed access and ability to correct
    • Hold collectors accountable for these principles

  • DR (Disaster Recovery)

    DR is the ability to restore access to records, data, hardware and software necessary to resume critical business operations after a disaster.  There are facility disasters (e.g., fire in the building, bomb threats), local disasters (e.g., power outages, floods, earthquakes), and regional disasters (e.g., hurricanes [Hurricane Katrina was 500 miles wide], electrical grid failures).  The cost to guarantee that you can resume operations usually increases as the distance and number of disaster recovery centers increases. Sometimes referred to as “Business Continuance” or “Continuous Operations.”

  • DRaaS (Disaster Recovery as a Service)

    DRaaS provides disaster recovery services in the Cloud. It can be provided as either a Private Cloud or a Public Cloud solution. See also XaaS.

  • DRP (Disaster Recovery Planning)

    DRP is the process, policies and procedures necessary to implement a disaster recovery solution.

  • EHR (Electronic Health Record)

    (See EPHI.)

  • Encryption

    Encryption is the process of transforming information (plaintext) in such a way as to make it unreadable (ciphertext) to anyone except those possessing a key.

  • EPHI (Electronic Private Health Information)

    EPHI, sometimes just EHR (Electronic Health Record) or EPR (Electronic Patient Record), is the systematic collection of electronic health information about individual patients. This information is protected in the U.S.A. by HIPAA and HITECH.

  • EPR (Electronic Patient Record)

    (See EPHI.)

  • External Cloud

    Another name for the Public Cloud.

  • FIPS (Federal Information Processing)

    FIPS are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors.

  • FISMA (Federal Information Security Management Act)

    (U.S.A.) The Federal Information Security Management Act of 2002 recognizes the connection between economic security and national security. It defines a framework for information security for all systems operated by the US government, or by contractors for the government. All systems must be certified and monitored.

  • Forensics

    (As related to a data security breach) "Forensics" (or "computer forensics") examines a computer environment to determine what happened, how to rid the computer systems of the cause, and what data has definitely and/or potentially been compromised. Significant forensics investigation must often be performed in order to know whether a law or compliance requirement has been broken, and what action must be taken in response to that breach.

  • FTE (Full-Time Equivalent)

    One FTE is the work done by one person working full time. A project that takes 3 FTEs could possibly be done by one person in 3 years, 3 people in one year, 9 people in 4 months, or 6 people each working half time in one year. It does not matter whether the people are full-time or part-time employees, or contractors.

  • Gartner

    "Gartner, Inc. is the world's leading information technology research and advisory company. We deliver the technology-related insights necessary for our clients to make the right decisions, every day."

  • GLBA (Gramm-Leach Bliley Act)

    (U.S.A.) The Gramm-Leach Bliley Act is also known as the Financial Services Modernization Act of 1999. It protects non-public personal information, and imposes criminal and financial penalties for failure to adhere to the act. GLBA is what causes you to get those "Our Privacy Policy" letters and emails.

  • HaaS (Hardware as a Service)

    Another term for IaaS. See also XaaS.

  • HIPAA (Health Insurance Portability and Accountability Act)

    HIPAA was passed by the US Congress in 1996. It protects health insurance coverage for workers and their families when a worker changes jobs, requires the establishment of national standards for electronic health care transactions, and addresses the security and privacy of personal health data. Wikipedia has a good overview including references, and the full text is available.

  • HITECH (Health Information Technology for Economic and Clinical Health Act)

    (U.S.A.) HITECH covers the security of transmission of EPHI (electronic private health information).

  • HPC (High Performance Computing)

    HPC covers the infrastructure needed to solve very difficult computation problems, often for scientific research. HPC solutions include supercomputers and clusters of hundreds or thousands of individual computers, including solutions that consolidate the power of computers across the Cloud.

  • Hybrid Cloud

    The Hybrid cloud environment consists of multiple Private Cloud and Public Cloud environments. By integrating multiple Cloud services, you can take advantage of Public Cloud services where appropriate and use Private Cloud services where security, performance or availability constraints require more control.

  • IaaS (Infrastructure as a Service)

    Infrastructure as a Service (sometimes referred to as Hardware as a Service or HaaS) is a provisioning model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. See also XaaS.

  • IDA (Information Dispersal Algorithm)

    An IDA is a method to slice data into pieces so that when data is moving in a network or stationary in storage, it is unrecognizable unless the user has the right key(s) and also has sufficient slices. The slices can be at the bit level or the byte level.

  • IDC (International Data Corporation)

    "International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy."

  • ILM (Information Lifecycle Management)

    ILM is the practice of applying policies to the management of information. It includes defining the useful life of specific types of data, based on the content of the data, and what is to be done with the data when it has come to the end of its useful life. ILM policies include who is permitted to view data, who is permitted to modify data, any special requirements for the storage of the data (e.g., encryption).

  • Integrity

    One of the three top concerns of those responsible for data security. Integrity means that the data has not been inappropriately modified since it was created. It means that Data-in-Motion arrives unchanged, and Data-at-Rest has not changed except by appropriate processes. At a minimum, it requires that any unauthorized modification is detected. See also Confidentiality and Availability.

  • Intercloud

    The Intercloud is an interconnected global "cloud of clouds." Trend Micro has applied for a US Trademark on the term. See also Cloud Mashup and Cloud Spanning.

  • IP (Internet Protocol)

    The network protocol used by the Internet. See also TCP.

  • IPSEC (Internet Protocol Security)

    IPsec is a suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

  • IT (Information Technology)

    IT is the study, design, development, implementation, support and management of the computer-based information systems, particularly software applications and the computer hardware on which they operate. IT is responsible for the use of computers and software to convert, store, protect, process, transmit and retrieve information.

  • LAN (Local Area Network)

    A LAN is a computer network that covers a limited physical area, usually no larger than a single building.

  • MAC (Message Authentication Code)

    A cryptographic MAC is a short piece of information used to authenticate a message and ensure that the message was not changed. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's integrity and its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. A MAC can be applied to Data-in-Motion across a network or Data-at-Rest in some storage environment.
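    The key-plus-message-to-tag flow described above, and the "detect any unauthorized modification" requirement from the Integrity entry, as an added example that is not part of the original glossary. It uses Python's standard hmac module (HMAC-SHA256); the shared key and the message are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed sample key for illustration only. A real key would come from a
# key-management system and be shared only with the sender and the verifiers.
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)
TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tags are 32 bytes


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: secret key + arbitrary-length message -> fixed-length tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Verifier side: recompute the tag under the same key and compare.

    compare_digest runs in constant time, so the time taken to answer does
    not reveal how many leading bytes of a guessed tag happened to match.
    """
    return hmac.compare_digest(make_tag(key, message), tag)


def protect(key: bytes, message: bytes) -> bytes:
    """Data in Motion: send message || tag so the receiver can check it.

    The message itself stays readable. A MAC gives integrity and
    authenticity, not confidentiality; that is what Encryption is for.
    """
    return message + make_tag(key, message)


def unprotect(key: bytes, packet: bytes) -> Optional[bytes]:
    """Return the message if its tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return message if verify(key, message, tag) else None


def verify_stored(key: bytes, data: bytes, stored_tag_hex: str) -> bool:
    """Data at Rest: the tag is kept beside the object (e.g. as hex metadata)."""
    return verify(key, data, bytes.fromhex(stored_tag_hex))


def demo() -> Tuple[Optional[bytes], Optional[bytes], Optional[bytes]]:
    """Walk through the three cases a verifier sees."""
    original = b"transfer 100.00 to account 1234"  # constructed sample message
    packet = protect(SHARED_KEY, original)

    accepted = unprotect(SHARED_KEY, packet)  # untouched packet: message returned

    tampered = bytearray(packet)
    tampered[9] ^= 0x01  # flips the amount's leading "1" to "0"
    rejected = unprotect(SHARED_KEY, bytes(tampered))  # changed content: None

    other_key = bytes(TAG_LEN)  # a verifier holding a different key
    forged = unprotect(other_key, packet)  # tag does not match under it: None

    return accepted, rejected, forged


if __name__ == "__main__":
    print(demo())
```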

  • Malware

    Malware, short for malicious software, is software deliberately designed to secretly access a computer system without the user's consent. That access could be to steal information from the computer or to actually damage the data stored on or accessible from the computer. Malware is the generic term that covers all malicious software, including viruses, worms, trojan horses, and spyware.
  • [back to top]

  • MITS (Management of Information Technology Security)

    (Canada) MITS is the Government of Canada's operational security standard that defines the “safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information” of the Canadian government.
  • [back to top]

  • MRC (Mission Resilient Cloud)

    A Mission Resilient Cloud is one that can survive significant failures in the network that is supporting the Cloud. Currently, the primary research effort is in the military environment under a DARPA project.
  • [back to top]

  • NAS (Network Attached Storage)

    NAS stores data-at-rest. A NAS device is hard disk storage with its own network address, rather than disks attached to the department server that serves applications to a network's workstation users. NAS presents storage at the file level (for example over NFS or SMB/CIFS), so only applications that can work with file-level access can use it. See also SAN.
  • [back to top]

  • NIST (National Institute of Standards and Technology)

    The NIST, known formerly as the National Bureau of Standards, is a non-regulatory agency of the United States Department of Commerce. The institute's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life.
  • [back to top]

  • NOC (Network Operations Center)

    A NOC is one or more locations from which a communications network is controlled. A NOC monitors the network for alarms or other conditions that may impact the network's performance.
  • [back to top]

  • NSA (National Security Agency)

    The NSA is the United States government's cryptologic intelligence agency, administered under the U.S. Department of Defense.
  • [back to top]

  • OPEX (Operating Expenditure)

    An operating expenditure is an ongoing cost for running a business. It excludes the purchase of a fixed asset (a capital expense). Operating expenditures can be deducted in the year they are incurred. For example, buying a copier is a capital expense, but buying the paper and toner are operational expenses. See also CAPEX.
  • [back to top]

  • PaaS (Platform as a Service)

    Platform as a Service (PaaS) is a paradigm for delivering the computing platform and a software solution stack as a service over the Internet without downloads or installation. PaaS is sometimes called "cloudware" because it moves resources from privately owned computers into the Cloud. It’s a platform that includes all the systems and environments comprising the end-to-end life cycle of developing, testing, deploying and hosting web applications to fully leverage existing services within the Cloud. In other words, PaaS offerings facilitate the deployment of applications without the cost and complexity of buying and managing the underlying hardware or software and provisioning hosting capabilities.
  • [back to top]

  • PAN (Primary Account Number)

    The account number printed or embossed on the front of a payment card, typically 16 digits (13 to 19 digits are possible). Protecting the PAN is the core of the PCI DSS: stored PANs must be rendered unreadable (by strong encryption, truncation, or tokenization), and a PAN shown on a screen or receipt must be masked so that at most the first six and last four digits are visible.
  • [back to top]

  • Pay-As-You-Go

    See Utility Pricing.
  • [back to top]

  • Pay-For-Use

    See Utility Pricing.
  • [back to top]

  • PCI-DSS (Payment Card Industry Data Security Standard)

    PCI DSS is a security standard developed by PCI SSC aimed at protecting payment cardholder data. Three types of organizations must comply with the PCI standard: merchants, processors, and service providers. See our PCI Overview.
  • [back to top]

  • PCI SSC (Payment Card Industry Security Standards Council)

    A consortium of the major payment card companies (Visa, MasterCard, American Express, JCB, and Discover Financial Services) joined forces to create the Payment Card Industry Security Standards Council. The PCI SSC then drafted a security standard (the PCI DSS) aimed at protecting payment cardholder data.
  • [back to top]

  • Pilot

    See Proof of Concept.
  • [back to top]

  • PIN (Personal Identification Number)

    A usually four-digit number used for security of credit card accounts. Assuring the privacy of PINs is part of the PCI DSS.
  • [back to top]

  • PIPEDA (Personal Information Protection and Electronic Documents Act)

    (Canada) The Personal Information Protection and Electronic Documents Act protects personal information that is collected, used or disclosed in the course of commercial activity in Canada. It is closer to the EU DPD than to U.S. privacy laws.
  • [back to top]

  • PKI (Public Key Infrastructure)

    In cryptography, a PKI is the set of roles, policies and systems that binds public keys to the identities of their holders by means of digital certificates issued by a certificate authority (CA). Relying parties trust a certificate because they trust the CA that signed it, so the CA's signing keys are the most sensitive asset in the infrastructure.
  • [back to top]

  • POC (Proof of Concept)

    Also known as a "Pilot," a proof of concept is a short, controlled test of a new solution, application, or process that tries to simulate the real world environment. Usually the POC is limited by time, number of users or other connections, and total load. The purpose of a POC is to determine if it is worth going forward towards the planning of a complete installation and helps define the final testing required.
  • [back to top]

  • Privacy Laws

    Countries and smaller political jurisdictions have privacy laws to protect the personal information of their residents. When this was written, 46 States in the U.S. had privacy (data breach notification) laws. While not identical, they were all largely based on the California law. Other countries have their own privacy laws, as does the European Union. The laws apply according to the residence of the affected individuals, not the location of the data. (FYI, the four U.S. States without such laws when this was written were Alabama, Kentucky, New Mexico and South Dakota.)
  • [back to top]

  • Private Cloud

    A Private Cloud is the creation of a cloud-like environment within an organization's own IT infrastructure or at a Cloud Service Provider's facility, usually through the use of virtualization and the automation of resource utilization. A Private Cloud can provide some of the financial values of a Public Cloud while allowing the organization to control security, governance, availability and reliability. See also VPC, Community Cloud, Hybrid Cloud.
  • [back to top]

  • PRNG (Pseudo-Random Number Generator)

    A PRNG is an algorithm that generates a sequence of numbers approximating the properties of random numbers. The sequence is not truly random: it is completely determined by a relatively small set of initial values, called the PRNG's state, so two generators started from the same seed produce the same sequence. Although sequences closer to truly random can be produced by hardware random number generators, pseudo-random numbers are important in practice for simulations and are central to cryptography. A PRNG used for cryptography must be seeded from a source with enough unpredictable entropy and designed so that its outputs do not reveal its state; general-purpose generators (such as linear congruential generators) fail the second requirement and must never be used to produce keys. See also RNG.
  • [back to top]

  • PSS (Perfect Secret Sharing)

    A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover it. If every non-qualified subset learns absolutely no information about the secret, the scheme is called perfect. See also VSS.
  • [back to top]

  • Public Cloud

    Public cloud, sometimes called external cloud, describes cloud computing in which resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web-based applications or web services, from an off-site third-party provider who shares resources among customers and bills on a fine-grained utility pricing basis. See also Private Cloud, Community Cloud, Hybrid Cloud.
  • [back to top]

  • Public Key

    Public Key Cryptography or Public Key Encryption. See asymmetric key.
  • [back to top]

  • QoS (Quality of Service)

    Quality of Service traditionally refers to the ability of a network provider to ensure that a subscriber gets a specific priority of access to the network, essentially a guarantee that the subscriber will get access to a specific bandwidth.
  • [back to top]

  • QSA (Qualified Security Assessor)

    Part of PCI-DSS, a QSA performs the annual audit for organizations requiring an external audit.
  • [back to top]

  • RCSS (Robust Computational Secret Sharing)

    RCSS is a threshold secret-sharing scheme designed for large data: the data is encrypted with a random symmetric key, that key is shared with a perfect scheme, and the ciphertext is split with an erasure code so that each share is far smaller than the data. It is "computational" because secrecy then rests on the strength of the cipher rather than on information theory, and "robust" because the original data is recovered correctly even if some shares are corrupted or forged, provided a threshold number of correct shares remain; fewer than the threshold cannot recover it.
  • [back to top]

  • Re-encrypt

    Some compliance regulations require that encryption keys be changed periodically. This prevents someone from using a "stolen" key beyond that re-encryption interval. Most encryption products have this capability. The process requires that all data be read, decrypted, re-encrypted with the new key, and rewritten. For large amounts of data this process can take days or weeks. Most products allow access to the data during the process, but it adds significant delays to that access.
  • [back to top]

  • Rekey

    Some compliance regulations allow periodic rekeying of encrypted data as a substitute for re-encryption. Rekeying does not re-encrypt the data; it changes who can gain access to the encryption keys. It provides a comparable safeguard against someone using an old key to access data, but note that it only retires the old access keys, not the data key itself. Not all encryption products have this capability. It requires that each individual or process has a separate key to the data key store that holds the actual encryption keys. When offered, rekeying can happen in seconds with little or no impact on access to data.
  • [back to top]

  • RFI (Request for Information)

    The intent of the RFI is to get a response from each potential supplier describing how that supplier would solve the underlying problem. The RFI response will frequently contain alternative solutions either because the supplier has a better idea, or the supplier cannot meet all of your stated requirements. An RFI is appropriate when the requestor is not sure that this supplier, or maybe any supplier, can meet their requirements, or the requestor is not sure that they have the correct requirements.
  • [back to top]

  • RFP (Request for Proposal)

    An RFP is a document containing a set of requirements that is sent to one or more potential suppliers of the product or service. The intended response is a proposal from each supplier describing how they would meet the requirements and how much it would cost.
  • [back to top]

  • RFQ (Request for Quote)

    An RFQ is a document containing a set of requirements that is sent to one or more potential suppliers of the product or service. The intended response is a quote from each supplier listing each product or service, and its price, needed to meet the requirements.
  • [back to top]

  • RNG (Random Number Generator)

    An RNG is a routine that produces random numbers. A deterministic program cannot compute truly random numbers, so a computer gathers entropy from unpredictable physical events (timing jitter of interrupts and disk I/O, intervals between keystrokes, or a dedicated hardware noise source) and uses it to seed a deterministic generator. The seed must contain far more unpredictability than a few milliseconds of timing: an attacker who can guess the range the seed came from can reproduce the whole sequence. For cryptographic use the numbers must be uniformly distributed over the required range and unpredictable, meaning the next number cannot be computed from those already seen, nor earlier numbers from later ones. Operating systems provide such a cryptographically secure generator (for example /dev/urandom or getrandom() on Linux and BCryptGenRandom on Windows), and that is what keys, nonces and session identifiers should come from. See also PRNG.
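    An added example (not from the original glossary) serving both the PRNG and RNG entries. It implements a toy linear congruential generator to show the three properties the entries describe: the sequence is fixed by the seed, the next output is computable by anyone who sees the current one, and a seed drawn from a small space (here, the millisecond within a second at which a program started, 1000 possibilities) is recovered by brute force from a handful of outputs. The contrast is `secrets.token_bytes`, which draws from the operating system's cryptographic generator. The LCG constants and the seed 731 are constructed for the demonstration.

```python
import secrets


class ToyLCG:
    """Linear congruential generator: state' = (a*state + c) mod m, output = state'.
    Deterministic by design (same seed, same sequence). Usable for simulations,
    useless for keys: its entire future follows from any single output."""

    def __init__(self, seed: int, a: int = 1103515245, c: int = 12345, m: int = 2**31):
        self.a, self.c, self.m = a, c, m
        self.state = seed % m

    def next(self) -> int:
        self.state = (self.a * self.state + self.c) % self.m
        return self.state


def same_seed_same_stream(seed: int, count: int = 8) -> bool:
    """Two generators started from the same seed produce identical sequences."""
    g1, g2 = ToyLCG(seed), ToyLCG(seed)
    return [g1.next() for _ in range(count)] == [g2.next() for _ in range(count)]


def predict_next(observed_output: int) -> int:
    """An observer who sees one output knows the state and predicts the next."""
    g = ToyLCG(0)
    g.state = observed_output
    return g.next()


def recover_seed(outputs, seed_space):
    """Brute-force the seed when it came from a small space, e.g. a millisecond
    timestamp known to within one second (1000 candidates). Returns None if no
    candidate reproduces the observed outputs."""
    for seed in seed_space:
        g = ToyLCG(seed)
        if all(g.next() == o for o in outputs):
            return seed
    return None


def session_key(nbytes: int = 32) -> bytes:
    """What keys should come from: the OS cryptographically secure generator."""
    return secrets.token_bytes(nbytes)


def selftest() -> bool:
    g = ToyLCG(731)                          # seed = "ms within the second", constructed
    first = g.next()
    predicted = predict_next(first)
    rest = [g.next() for _ in range(2)]
    return (same_seed_same_stream(731)
            and predicted == rest[0]
            and recover_seed([first] + rest, range(1000)) == 731
            and len(session_key()) == 32
            and session_key() != session_key())


if __name__ == "__main__":
    print("ok" if selftest() else "FAILED")
```

    The same attack works against any generator whose output reveals its state, including Python's `random` module (Mersenne Twister, recoverable from 624 consecutive outputs); only a generator built for cryptography, seeded from OS entropy, resists it.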
  • [back to top]

  • ROI (Return on Investment)

    ROI (sometimes RoR, Rate of Return) is the ratio of money gained or lost on an investment relative to the money invested, usually expressed as a percentage.
  • [back to top]

  • RPO (Recovery-Point Objectives)

    RPO is the maximum age of the files that must be recovered from backup storage or a backup system for normal operations to resume after a computer, system, or network goes down as a result of a hardware, program, or communications failure. The RPO is expressed backward in time (that is, into the past) from the instant at which the failure occurs, and can be specified in seconds, minutes, hours, or days. It is a measure of how old the data may be when you come back up. If your RPO is 12 hours, then your data can be no older than 12 hours prior to the failure at the time your critical system comes up, and you then have to work out how to recover the last 12 hours of updates. Along with RTO, RPO is an important consideration in disaster recovery planning.
  • [back to top]

  • RSA (Rivest-Shamir-Adleman)

    RSA is an algorithm for public-key encryption and digital signatures, named after the initials of its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, who published it in 1977 (the company RSA Security was founded later to commercialize it). Its security rests on the difficulty of factoring the product of two large primes. It uses a two-part key: the private key is kept by the owner, the public key is published. Anyone can encrypt to the public key, but only the holder of the private key can decrypt; conversely, a signature made with the private key can be verified by anyone holding the public key. In practice RSA is used only together with a padding scheme (OAEP for encryption, RSA-PSS or PKCS#1 v1.5 for signatures) and with keys of at least 2048 bits.
  • [back to top]

  • RTO (Recovery-Time Objectives)

    The time period after a disaster within which business functions need to be restored. This is the length of time after a failure occurs that you have to get back into operation. If your RTO is 24 hours, then your objective is to have the critical system operational within 24 hours of a failure. Along with RPO, it is an important consideration in disaster recovery planning.
  • [back to top]

  • SaaS (Software as a Service)

    Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or cloud service provider and made available to customers over a network, typically the Internet, based on some defined usage rate. SaaS is becoming an increasingly prevalent delivery model as underlying technologies that support web services and service-oriented architecture (SOA) mature and new developmental approaches become popular. See also XaaS.
  • [back to top]

  • SAN (Storage Area Network)

    A SAN is a dedicated network that connects servers to a pool of disk storage holding data-at-rest. In large enterprises, a SAN connects many servers to a centralized pool of disk storage. A SAN presents storage at the block level (for example over Fibre Channel or iSCSI), so each server's own file system manages the files on it. See also NAS.
  • [back to top]

  • SDLC (Software Development Life Cycle)

    SDLC is a structure imposed on the development of a software product that defines the process for planning, implementation, testing, documentation, deployment, and ongoing maintenance and support. There are a number of different development models.
  • [back to top]

  • Secret Sharing

    Secret sharing is a method for distributing a shared secret among a group of participants, each of which is given a share of the secret. The secret can only be reconstructed when a sufficient number of shares are combined together, called the threshold. For example, a secret could be shared amongst five participants such that the secret could be reconstructed only if any 3 (or more) shares are combined. If you have fewer than the threshold number of shares, you have no more information than if you had no shares. See also Perfect Secret Sharing and Verifiable Secret Sharing.
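    The 3-of-5 example in the entry carried out in code, as an added example that is not from the original glossary and also illustrates the Perfect Secret Sharing entry above. It implements Shamir's scheme: the secret is the constant term of a random polynomial of degree k-1 over a prime field, each share is a point on the polynomial, and any k shares recover the constant term by Lagrange interpolation at zero, while k-1 points are consistent with every possible constant term, which is the "no more information than no shares" property. The choice of field (the Mersenne prime 2^521-1, large enough to hold a 256-bit key) and the wrapper names are assumptions of this example.

```python
import secrets

# Arithmetic is in the field of integers modulo this Mersenne prime (2**521 - 1),
# large enough to hold a 256-bit key as one field element. Assumption of this example.
PRIME = 2**521 - 1


def make_shares(secret: int, n: int, k: int):
    """Split secret into n shares of which any k reconstruct it (Shamir, 1979).

    f(x) = secret + a1*x + ... + a(k-1)*x^(k-1) with random coefficients;
    share i is the point (i, f(i))."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover(shares) -> int:
    """Lagrange interpolation at x = 0 over any k shares with distinct x."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def split_key(key: bytes, n: int, k: int):
    """Convenience wrapper for a symmetric key; returns a list of (index, share)."""
    return make_shares(int.from_bytes(key, "big"), n, k)


def join_key(shares, key_len: int) -> bytes:
    return recover(shares).to_bytes(key_len, "big")


def selftest() -> bool:
    key = secrets.token_bytes(32)                        # constructed 256-bit key
    shares = split_key(key, n=5, k=3)
    ok = join_key(shares[:3], 32) == key                          # first three
    ok &= join_key([shares[0], shares[2], shares[4]], 32) == key  # any three
    ok &= join_key(shares, 32) == key                             # all five
    ok &= recover(shares[:2]) != int.from_bytes(key, "big")       # two are not enough
    return ok


if __name__ == "__main__":
    print("ok" if selftest() else "FAILED")
```

    Two shares do not fail loudly: `recover` on fewer than k shares returns a field element that is uniformly random from the attacker's point of view, which is exactly the perfect-secrecy guarantee. A deployment therefore needs the Verifiable Secret Sharing extension (or a MAC on the recovered secret) to tell a wrong reconstruction from a right one.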
  • [back to top]

  • SHA (Secure Hash Algorithm)

    SHA is a family of cryptographic hash functions designed by the National Security Agency and published by NIST as a U.S. Federal Information Processing Standard (FIPS 180). They compute a fixed-length digest of a message of any length. The five algorithms originally standardized are SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512; the latter four are collectively referred to as SHA-2. SHA-1 is no longer collision resistant in practice and must not be used for digital signatures or certificates; SHA-2 remains secure, and NIST has since added the unrelated SHA-3 family (FIPS 202).
  • [back to top]

  • Shared Resources

    Shared resources are IT resources that are shared amongst multiple applications, solutions, or customers. Data Center Transformation uses virtualization to enable multiple applications to use the same computers, network and storage. The Public Cloud uses similar technique to allow multiple customers (subscribers) to use the same computers, network and storage in Cloud Service Provider facilities.
  • [back to top]

  • Shared Secret

    A Shared Secret is a piece of data only known to the parties involved in a secure communication. See also Secret Sharing.
  • [back to top]

  • SLA (Service Level Agreement)

    An SLA is part of a service contract that formally defines the level of service. SLAs can cover a wide range of subjects, including performance levels, response time limits, availability percentages, security concerns, and notification requirements.
  • [back to top]

  • SOA (Service-Oriented Architecture)

    SOA is a flexible set of design principles used during software development that defines how a loosely-integrated suite of services can interface among themselves and be used within multiple business domains. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. XML is often used for interfacing with SOA services.
  • [back to top]

  • SOAP (Simple Object Access Protocol)

    Now known just as "SOAP". SOAP is a protocol specification for exchanging structured information in the implementation of Web Services. It relies on XML as its message format.
  • [back to top]

  • SOC (Security Operations Center)

    A SOC is an organization that delivers IT security services. The SOC attempts to prevent unauthorized access and manage security related incidents using processes and procedures. The mission is risk management through centralized analysis using the combined resources consisting of personnel, dedicated hardware and specialized software.
  • [back to top]

  • Social Media

    Social Media are highly accessible and scalable communication techniques that allow easy social interaction. Social Media uses Internet-based and mobile technologies to turn communication into interactive dialogue. Some common social media products are Facebook, Twitter and YouTube. See also Web 2.0.
  • [back to top]

  • SOX (Sarbanes–Oxley Act)

    (U.S.A., although similar laws are appearing in other countries) The Sarbanes–Oxley Act of 2002 is also known by its formal titles, the Public Company Accounting Reform and Investor Protection Act (Senate) and the Corporate and Auditing Accountability, Responsibility, and Transparency Act (House). SOX covers only publicly traded companies. It regulates areas such as auditor independence, corporate governance, internal controls, and financial disclosure, and it imposes financial and criminal penalties.
  • [back to top]

  • SSL (Secure Socket Layer)

    SSL is a cryptographic protocol that provides communications security over the Internet. It has been superseded by TLS (Transport Layer Security), and every version of SSL itself is now deprecated and should be disabled on servers. When you see an "https://..." URL, the browser is communicating with the server over TLS, which is still commonly called SSL.
  • [back to top]

  • ST&E (Security Test and Evaluation)

    ST&E is examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.
  • [back to top]

  • Symmetric Key

    In symmetric key cryptography, the key used for decryption is trivially related to the key used for encryption; often the two keys are identical. The key is a shared secret between the parties, so the problem of distributing it securely is the main operational challenge. See also asymmetric key.
  • [back to top]

  • TCO (Total Cost of Ownership)

    TCO is an estimate of the total cost of a solution over time, usually a few years. It should include all costs, both direct and indirect, associated with the solution. It helps determine the financial value of a change in operations.
  • [back to top]

  • TCP (Transmission Control Protocol)

    TCP is one of the core protocols of the Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like file transfer and e-mail. It is so important in the Internet protocol suite that sometimes the entire suite is referred to as "the TCP/IP protocol suite."
  • [back to top]

  • UCaaS (Unified Communication as a Service)

    UCaaS is part of a total desktop Cloud solution that provides access to email, file services, and instant messaging (for example, Microsoft Exchange, Microsoft Office SharePoint, and Microsoft Office Communicator). See also XaaS.
  • [back to top]

  • UDP (User Datagram Protocol)

    UDP is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages known as datagrams (using datagram sockets) to one another, without setting up a connection and without any guarantee of delivery, ordering, or protection against duplicates. UDP is sometimes, incorrectly, expanded as Universal Datagram Protocol.
  • [back to top]

  • Usage-Based Pricing

    See Utility Pricing.
  • [back to top]

  • Utility Pricing

    Utility pricing is where the subscriber pays for resources as they are used instead of paying a fixed price independent of usage. In the current mode, a customer buys a server and pays for it as a capital expense, and then pays recurring maintenance fees. In a Cloud environment, the customer just "rents" the resources and pays as they use based on how much they use. Utility pricing is very much like how a customer pays for electricity in their home.
  • [back to top]

  • Vertical Cloud

    A Vertical Cloud is a Cloud Service Provider offering optimized for use in a particular line of business or application.
  • [back to top]

  • Virtual Image

    A virtual image is the set of software and configuration settings that create a VM. Virtual images are stored as disk files and must be managed according to appropriate security policy.
  • [back to top]

  • Virtualization

    Virtualization is the means of sharing a physical resource across multiple users with each of the users believing that they have all of the resource. The resource could be computing resources like servers, networks including the Internet, or storage.
  • [back to top]

  • VM (Virtual Machine)

    A VM is one of the key components of the Cloud. Through the use of virtualization, a single physical server can host multiple isolated guest operating systems, each running its own applications; each such guest is referred to as a "VM". More formally, a VM is a complete, isolated operating system installation running on a hypervisor, either directly on the hardware or within a host operating system.
  • [back to top]

  • VOaaS (Virtual Office as a Service)

    VOaaS is part of a total desktop Cloud solution that provides access to standard office suites. See also XaaS.
  • [back to top]

  • VOIP (Voice over Internet Protocol)

    VOIP provides voice communications over the Internet.
  • [back to top]

  • VOSIP (Voice over Secure Internet Protocol)

    VOSIP is VOIP over a secure Internet channel.
  • [back to top]

  • VPC (Virtual Private Cloud)

    A VPC is a Private Cloud created within the Public Cloud through the use of secure networks between the subscriber and the vendor and secure separation of data and processing within the vendor's environment. See also Hybrid Cloud.
  • [back to top]

  • VPN (Virtual Private Network)

    A VPN is a private communications channel tunneled through another, usually public, network such as the Internet. The tunnel is normally protected by encryption and authentication (for example with IPsec or TLS) so that the traffic is isolated from the other users of the shared network.
  • [back to top]

  • VSS (Verifiable Secret Sharing)

    In cryptography, a secret sharing scheme is verifiable if auxiliary information is included that allows players to verify that their shares are consistent. More formally, verifiable secret sharing ensures that even if the dealer is malicious there is a well-defined secret that the players can later reconstruct. In standard secret sharing, the dealer is assumed to be honest. See also PSS.
  • [back to top]

  • WAN (Wide Area Network)

    A WAN is a computer network that covers a significant geographic area, with communications links between different cities or facilities located in multiple metropolitan or governmental entities.
  • [back to top]

  • Web 2.0

    Web 2.0 is the term used to describe web applications that facilitate information sharing and allow people to interact and collaborate with each other over the Internet. See also Social Media.
  • [back to top]

  • Web API

    See API.
  • [back to top]

  • WebEx

    WebEx Communications is a Cisco company that provides on-demand collaboration, online meeting, web conferencing and videoconferencing applications. Like other pioneering product names, WebEx has become a generic term for web conferencing.
  • [back to top]

  • Web-based Applications

    A web-based application is one in which all or some parts of the software are downloaded from the Internet each time it is run. It often refers to browser-based applications that run within the user's Web Browser, but can also refer to thin- or thick-client applications that behave like local applications such as Java-based applications.
  • [back to top]

  • Web Service

    Web services are typically application programming interfaces (API) or web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services.
  • [back to top]

  • XaaS (X as a Service)

    A generic term that references all of the something as a service offerings over the Internet, including:
  • [back to top]

  • XML (Extensible Markup Language)

    XML is a general-purpose markup language. It is classified as an extensible language because it allows its users to define their own tags. Its primary purpose is to facilitate the sharing of structured data across different information systems, particularly via the Internet.
  • [back to top]