Lesson 6 - Secure Cloud Network Architecture Flashcards
CSPs
Cloud Service Providers
- Organization providing infrastructure, application, and/or storage services via an “as a service” subscription-based, cloud-centric offering.
SaaS
Software as a Service
- A cloud service model that provisions fully developed application services to users.
PaaS
Platform as a Service
- A cloud service model that provisions application and database services as a platform for development of apps.
IaaS
Infrastructure as a Service
- A cloud service model that provisions virtual machines and network infrastructure.
PII
Personally Identifiable Information
- Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
CDN
Content Delivery Network
- A network of servers linked together with the goal of delivering content as quickly, cheaply, reliably, and securely as possible.
HA
High Availability
- A metric that defines how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of system performance.
GRS
Geo-Redundant Storage
- Replicating data across multiple, geographically diverse locations to enhance data availability and durability, protecting against regional outages, disasters, and cyberattacks that could compromise a single location.
VPC
Virtual Private Cloud
- A private network segment made available to a single cloud consumer on a public cloud.
IaC
Infrastructure as Code
- Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
SDN
Software-Defined Networking
- APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.
NFV
Network Functions Virtualization
- Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.
SLA
Service Level Agreement
- Defines expected service levels, including performance, availability, and support commitments between cloud service providers and organizations.
ISA
Interconnection Security Agreements
- Establish the security requirements and responsibilities between the organization and the cloud service provider to safeguard sensitive data, ensure compliance with industry regulations, and help ensure the confidentiality, integrity, and availability of data and systems within the cloud environment.
GDPR
General Data Protection Regulation
- Mandates that organizations processing personal data of EU citizens implement robust security measures to protect that data from breaches and unauthorized access, ensuring compliance with data protection laws.
HIPAA
Health Insurance Portability and Accountability Act
- A set of rules designed to protect the privacy and security of patient health information, especially when stored or transmitted electronically, ensuring confidentiality, integrity, and availability.
PCI DSS
Payment Card Industry Data Security Standard
- The information security standard for organizations that process credit or bank card payments.
SD-WAN
Software-Defined Wide Area Network
- Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.
SASE
Secure Access Service Edge
- A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.
RTOS
Real-Time Operating System
- A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.
ICS
Industrial Control System
- Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
DCS
Distributed Control System
- A digital control system used in industrial settings to automate and manage processes, often distributed across a plant or facility.
OT
Operational Technology
- A communications network designed to implement an industrial control system rather than data networking.
SCADA
Supervisory Control and Data Acquisition
- A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
IoT
Internet of Things
- Devices that can report state and configuration data and be remotely managed over IP networks.
ZTA
Zero Trust Architecture
- A cybersecurity approach that assumes no user, device, or application is inherently trustworthy, requiring continuous verification and authorization for every access request, regardless of location.