Cloud Glossary
Glossary of Cloud terms and acronyms
These are some of the terms we have used or been asked about in our seminars, training classes, workshops and assessment services. Like everything else about the Cloud, you may find alternate "definitions" of these terms in other sources. The Cloud is relatively new and rapidly evolving. New terms are constantly appearing, and the meanings of older terms sometimes morph as new technology and processes are developed by the companies and individuals leading the Cloud evolution. If you would like to suggest additional terms for our glossary, have corrections or better definitions, or any other comments, please use our Contact Us form, or email us at info@PurposefulClouds.com.
When there is a common acronym, the entries in this table are alphabetical by the acronym instead of the longer form. For example, the entry "RNG (Random Number Generator)" is ordered by "RNG" and not "Random."
21CFR Part 11
Part 11 of Title 21 of the United States Code of Federal Regulation, sometimes abbreviated "21CFR11," is the US Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures that defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records. Part 11 requires industries like drug makers, medical device manufacturers, and biotech companies to implement controls over their electronic records and signatures.
AES (Advanced Encryption Standard)
Also known as Rijndael, AES is a block cipher encryption standard adopted by the U.S. and other governments. It has been analyzed extensively and is now used widely worldwide. AES is one of the most popular algorithms used in Symmetric Key cryptography. “AES” is often followed by a number, as “AES-256”, which indicates the length of the key in bits.
API (Application Program Interface)
An API is how one computer process (software) communicates with another. APIs may be standardized by industry agreement or government fiat, or proprietary to a specific application or vendor. The scope of the term API can vary based on its usage. It may refer to a single “call” by which one application can request information for another, the set of such calls for an application such as Google Maps, or the collection of all such application APIs used by an organization. In Cloud environments this is sometimes referred to as "Web API."
Archive
An archive is a collection of historical records, sometimes including the place where they are stored. In IT, an archive refers to the electronic records that an organization maintains for historical records. How long a particular document or file is stored depends on regulations, laws, and corporate procedures. Archival storage is different from backup storage or other copies of current data for disaster recovery purposes.
Asymmetric Key
Also known as public-key cryptography or public-key encryption. Unlike Symmetric Key encryption algorithms, asymmetric key encryption does not require a secure initial exchange of a key. The asymmetric key algorithms create a pair of keys: a secret private key and a published public key. A message or document encrypted with the private key can only be decrypted with the public key, and a message or document encrypted with the public key can only be decrypted with the private key. The receiver can verify the authenticity of a message encrypted with the sender's private key by using the sender's public key. If you send a message encrypted using someone's public key, then you know that only that person will be able to decrypt the message using his private key. Both of you will know the message was not altered. All of this only works if the private key is kept private.
Availability
One of the three top concerns of those responsible for data security. Availability means that the data is available when it is needed. See also Confidentiality and Integrity.
BPaaS (Business Process as a Service)
BPaaS is BPO run as a Cloud service. For example, human resources as a service. See also XaaS.
BPO (Business Process Outsourcing)
Business process outsourcing is a form of outsourcing that involves the contracting the operations and responsibility of a specific business function or process to as third party service provider.
Business Continuance
(See Disaster Recovery).
CAPEX (Capital Expenditure)
A capital expenditure is when a business spends money to buy fixed assets or to add value to an existing fixed asset. Fixed assets have a useful life that extends beyond the taxable year. Most organizations have a minimum cost to designate a fixed asset. Capital expenditures cannot be deducted in the year they are incurred, but must be capitalized (depreciated) over years. For example, buying a copier is a capital expense, but buying the paper and toner are operational expenses. See also OPEX.
CCV (Credit card validation number)
The CCV is also known as the CSC (Card Security Code), CVD (Card Verificaiton Data), CVV or CVV2 (Card Verfication Value), or CVVC (Card Verification Value Code). CVV is a three- or four-digit number printed on the card, but not encoded in the card's magnetic strip. It is usually printed on the back, but American Express prints it on the front of the card.
Cloud
"Cloud" often refers to "Cloud Computing" but the simplest definition of "Cloud" is that it is the Internet, the infrastructure that allows vendors to supply computing, platform, software and services to their customers on a pay-as-you go utility model.
Cloud Burst
Cloud Burst has two meanings: one positive, and one negative.
Positive: Cloud Burst, or Cloud Bursting, is the process of using Cloud Computing to handle excess demand or demand bursts beyond what your own data center or Private Cloud can support. Normally, your own infrastructure handles all of your processing, but when excess demand occurs due to special sales activity, seasonal spikes, or other market drivers exceed the capacity of your data center you automatically shift that excess load to the Public Cloud. This mechanism is almost always substantially less expensive than increasing your own infrastructure to support the burst. See also Hybrid Cloud.
Negative: The failure of a Cloud Computing environment due to its inability to handle demand bursts.
Cloud Computing
Cloud computing uses the Internet to share resources, software and information on-demand, much like a public utility allows many people to share the same water or power system, paying only for what they need.
Cloud-in-a-Box
Some companies offer a pre-packaged set of physical equipment including servers and storage configured to provide a Private Cloud environment. Often, the equipment comes in a single equipment rack, thus the "Cloud-in-a-Box" designation. While not really a Cloud implementation (since it doesn't provide "instant" scaling beyond the initial configuration capability), it is a good way to test a specific Cloud implementation prior to actually moving it to a Cloud Service Provider.
Cloud Mashup
A cloud mashup occurs when one Cloud Service Provider uses another Cloud Service Provider internally as part of their offerings. This is, clearly, what the Cloud is all about, but it does complicate the security aspects that the Cloud customer needs to evaluate. See also Intercloud.
Cloud Portability
Cloud portability is being able to easily move applications or other services from one Cloud Service Provider to another, or back to your own data center.
Cloud Service Provider
(See CSP.)
Cloud Services
Cloud Services are those consulting services provided by independent consulting organizations or by Cloud Service Providers to facilitate migration to the Cloud and the management of the Cloud for your business.
Cloud Spanning
Cloud Spanning is running an application such that different component straddle multiple Private and/or Public Cloud environments.
Cloudsourcing
Cloudsourcing is running complete solutions for your business in the Public Cloud. The provider of Cloudsourcing products typically provides complete solutions including infrastructure, platform, and applications as a service. Cloudsourcing is an extension of business process outsourcing.
Cloudstorming
Cloudstorming is the act of connecting multiple Cloud Computing environments.
Cloudware
Cloudware is software that runs in or comes from the Cloud, usually referring to web-based applications. Is is also sometimes used to refer to the platform that is in the Cloud in a PaaS environment.
COA (Cloud Oriented Architecture)
A Cloud Oriented Architecture is an architecture for IT infrastructure and software applications that is optimized for use in cloud computing environments.
Community Cloud
The Community Cloud is a Public Cloud that is limited to a specific set of organizations with similar security requirements. They can share infrastructure or even software solutions and realize the financial and agility benefits of Cloud Computing. Since there are fewer users to share the costs, this option is more expensive than a standard Public Cloud but less costly than each organization going it alone. By focusing on a single set of requirements, the Community Cloud CSP can offer a higher level of privacy, security and policy compliance. Perhaps more importantly, the CSP can have the trained staff that understands these security requirements thus providing a more secure and consistent environment than each individual organization can likely afford. See also Private Cloud, Hybrid Cloud.
Compliance
Compliance is the requirement that an organization meet the security requirements of the various privacy laws and other compliance directives and laws that apply to the organization's data.
Confidentiality
One of the three top concerns of those responsible for data security. Confidentiality means that the data can be seen only by those people and process that are allowed to see it. In some environments, this is made of two separate components: "right to know" and "need to know." "Right to know" means that the individual has the appropriate clearance authorization or has the correct role in the organization. "Need to know" means that the individual is actually working on a project that requires access to this data. Both "right to know" and "need to know" are required. See also Availability and Integrity.
Continuous Operations
Continuous Operations is the ability for IT services to be always on and available to provide survival of operations in the case of catastrophic events.
COOP (Continuity of Operations Plan)
The COOP refers to the preparations and institutions maintained by an organization providing survival of operations in the case of catastrophic events. This term is usually used by government organizations.
COTS (Commercial Off the Shelf)
COTS is a term for software or hardware, generally technology or computer products, that are ready-made and available for sale, lease, or license to the general public. They are often used as alternatives to one-off development projects either in-house, through consultants, or through contracts with suppliers. The use of COTS is often mandated in many organizations as they may offer significant savings in procurement and maintenance cost, and in the time it takes to deploy the solution. On the negative side, COTS by definition are not designed for one specific organization, and often the organization has to balance the cost of changing processes to match the product or not getting exactly the results they desire.
CSA (Cloud Service Architecture)
The Cloud Service Architecture is the architecture that allows multiple services in the Cloud to communicate with each other. The CSA might be defined by a Cloud Service Provider or by an application or operating environment vendor.
CSP (Cloud Service Provider)
A Cloud Service Provider is a vendor who provides all or part of a particular Cloud implementation. It could be the infrastructure, platform, and/or applications or the tools or services to manage that implementation.
DaR (Data at Rest)
DAR refers to the data that is being stored somewhere. The data could be stored on physically fixed environments like a storage area network (SAN), network attached storage (NAS), or local disk, on readily movable devices like thumb drives and CD/DVD media, or stored remotely for Business Continuance, Disaster Recovery or Archive.
DARPA
DARPA is the Defense Advanced Research Projects Agency, part of the US Department of Defense. It is primary US military research agency, originally established in 1958 to prevent technological surprises like the Soviet launch of Sputnik. One of best know projects with ARPANET, which grew into the Internet.
Data-in-Process
Data in process refers to data while it is actually in a server or workstation. This is data that is in the actual processor registers or stack, the cache, and the memory. Over most of the history of IT, data-in-process has not been a security concern. However, with the Cloud, the physical servers are no longer under your physical control. Memory dumps, audits, and virtualization problems can expose data-in-process to attack.
DCT (Data Center Transformation)
Data center transformation is the process by which the existing data center infrastructure can be used more effectively by technique like virtualization of compute and storage resources, with the potential to significantly reduce the cost of the infrastructure and increase the flexibility to respond to workload distribution changes.
DES Data Encryption Standard)
DES is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard for the United States in 1976, and which has subsequently enjoyed widespread use internationally. The algorithm was initially controversial, with classified design elements, a relatively short key length, and suspicions about a government backdoor. DES consequently came under intense academic scrutiny, and motivated the modern understanding of block ciphers and their cryptanalysis. DES is now considered to be insecure for many applications. DES keys have been broken in less than 24 hours. DES has largely been replaced by AES.
DiM (Data in Motion)
DiM refers to data as it is moving through a network, whether a local network, a WAN (wide-area network), or the Internet. Network connections can be wired required a physical connection to communicate or wireless requiring proximity to a transmitter/receiver. With satellites, “proximity” could mean “anywhere between the Arctic Circle and the Antarctic circle.”
Discovery Order
A Discovery Order is an order from a court requiring that an organization respond with all of the information related to a specific event or contract. Discovery Orders almost always include information stored in computer systems, including backup, audit and archive media.
DoS (Denial of Service)
Sometimes referred to as a DDoS (Distributed Denial of Service). DoS is an attack on a computer resource to make that resource unavailable to its intended users. There are many forms of a DoS attack, but the intent is to prevent an Internet site or service from functioning efficiently or not at all. DoS attacks are real attacks against an organization directed by individuals, organizations or often governments. Even if your organization is not the target of a DoS attack, you can be significantly impacted if one of your Cloud partners is attacked.
DPD (Data Protection Directive)
(European Union). The EU Data Protection Directive is the overall EU privacy and human rights legislation. It includes regulations on cross-border transfer of personal data, especially outside of the EU. It's seven principles are:
Give notice when data is collected
Use only for the purpose collected
Obtain consent before disclosure
Keep secure from potential abuse
Must disclose who is collecting
Subject is allowed access and ability to correct
Hold collectors accountable for these principles
.
~ {back to top} ~
DR (Disaster Recovery)
DR is the ability to restore access to records, data, hardware and software necessary to resume critical business operations after a disaster. There are facility disasters (e.g., fire in the building, bomb threats), local disasters (e.g., power outages, floods, earthquakes), and regional disasters (e.g., hurricanes [Hurricane Katrina was 500 miles wide], electrical grid failures). The cost to guarantee that you can resume operations usually increases as the distance and number of disaster recovery centers increases. Sometimes referred to as “Business Continuance” or “Continuous Operations.”
DRaaS (Disaster Recovery as a Service)
DRaaS provides disaster recovery services in the Cloud. It can be provided as either a Private Cloud or a Public Cloud solution. See also XaaS.
DRP (Disaster Recovery Planning)
DRP is the process, policies and procedures necessary to implement a disaster recovery solution.
EHR (Electronic Health Record.)
(See EPHI.)
Encryption
Encryption is the process of transforming information (plaintext) in such a way as to make it unreadable (ciphertext) to anyone except those possessing a key.
EPHI (Electronic Private Health Information.)
Sometimes just EHR (Electronic Health Record) or EPR (Electronic Patient Record) is the systematic collection of electronic health information about individual patients. This information is protected in the U.S.A. by HIPAA and HITECH.
EPR (Electronic Patient Record.)
(See EPHI.)
External Cloud
Another name for the Public Cloud.
FIPS (Federal Information Processing)
FIPS are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors.
FISMA (Federal Information Security Management Act.)
(U.S.A.) The Federal Information Security Management Act of 2002 recognizes the connection between economic security and national security.. It defines a framework for information security for all systems operated by the US government, or by contractors for the government. All systems must be certified and monitored.
Forensics
(As related to a data security breach) "Forensics" (or "computer forensics") examines a computer environment to determine what happened, how to rid the computer systems of the cause, and what data has definitely and/or potentially been compromised. Significant forensics investigation must often be performed in order to know whether a law or compliance requirement has been broken, and what action must be taken in response to that breach.
FTE (Full-Time Equivalent)
One FTE is the work done by one person working full time. A project that takes 3 FTEs could possibly be done by one person in 3 years, 3 people in one year, 9 people in 4 months, or 6 people each working half time in one year. It does not matter whether the people are full-time or part-time employees, or contractors.
Gartner
Gartner, Inc. is the world's leading information technology research and advisory company. We deliver the technology-related insights necessary for our clients to make the right decisions, every day."
GLBA (Gramm-Leach Bliley Act)
(U.S.A.) The Gramm-Leach Bliley Act is also known as the Financial Services Modernization Act of 1999. It protects non-public personal information, and imposes criminal and financial penalties for failure to adhere to the act. GLBLA is what causes you go get those "Our Privacy Policy" letters and emails.
HaaS (Hardware as a Service)
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA was passed by the US Congress in 1996 to protects health insurance coverage for workers and their families when a worker changes job, requires the establishment of national standards for electronic health care transactions, and addresses the security and privacy of personal health data. Wikipedia has a good overview including references, and the full text is available.
HITECH (Health Information Technology for Economic and Clinical Health Act.)
(U.S.A.) HITECH covers the security of transmission of EPHI (electronic private health information.).
HPC (High Performance Computing)
HPC covers the infrastructure needed to solve very difficult computation problems, often for scientific research. HPC solutions include supercomputers and clusters of hundreds or thousands of individual computers, including solutions that consolidate the power of computers across the Cloud.
Hybrid Cloud
The Hybrid cloud environment consists of multiple Private Cloud and Public Cloud environments. By integrating multiple Cloud services, you can take advantage of Public Cloud services where appropriate and use Private Cloud services where security, performance or availability constraints require more control.
IaaS (Infrastructure as a Service)
Infrastructure as a Service (sometimes referred to Hardware as a Service or HaaS) is a provisioning model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. See also XaaS.
IDA (Information Dispersal Algorithm)
An IDA is a method to slice data into pieces so that when data is moving in a network or stationary in storage, it is unrecognizable unless the user has the right key(s) and also has sufficient slices. The slices can be at the bit level or the byte level.
IDC (International Data Corporation)
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy."
ILM (Information Lifecycle Management)
ILM is the practice of applying policies to the management of information. It includes defining the useful life of specific types of data, based on the content of the data, and what is to be done with the data when it has come to the end of its useful life. ILM policies include who is permitted to view data, who is permitted to modify data, any special requirements for the storage of the data (e.g., encryption).
Integrity
One of the three top concerns of those responsible for data security. Integrity means that the data has not been inappropriately modified since it was created. It means that Data-in-Motion arrives unchanged, and Data-at-Rest has not changed except by appropriate processes. At a minimum, it requires that any unauthorized modification is detected. See also Confidentiality and Availability.
Intercloud
The Intercloud is an interconnected global "cloud of clouds." Trend Micro has applied for a US Trademark on the term. See also Cloud Mashup and Cloud Spanning.
IP (Internet Protocol)
The network protocol used by the Internet. See also TCP.
IPSEC (Internet Protocol Security)
IPsec is a suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each packet in a data stream. IPsec also includes protocols for cryptographic key establishment.
IT (Information Technology)
IT is the study, design, development, implementation, support and management of the computer-based information systems, particularly software applications and the computer hardware on which they operate. IT is responsible for the use of computers and software to convert, store, protect, process, transmit and retrieve information.
LAN (Local Area Network)
A LAN is a computer network that covers a limited physical area, usually no larger than a single building.
MAC (Message Authentication Code)
A cryptographic MAC is a short piece of information used to authenticate a message and insure that the message was not changed. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. A MAC can be applied to Data-in-Motion across a network or Data-at-Rest in some storage environment.
Malware
Malware, short for malicious software, is software deliberately designed to secretly access a computer system without the user's consent. That access could be to steal information from the computer or to actually damage the data stored on or accessible from the computer. Malware is the generic term that covers all malicious software, including viruses, worms, trojan horses, and spyware.
MITS (Management of Information Technology Security)
(Canada) MITS “safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information” of the Canadian government..
MRC (Mission Resilient Cloud)
A Mission Resilent Cloud is one that can survive signficiant failures in the network that is supporting the Cloud. Currently, the primary reserach effort is in the military environment under a DARPA project.
NAS (Network Attached Storage)
NAS stores data-at-rest. NAS is hard disk storage that is set up with its own network address rather than being attached to the department computer that is serving applications to a network's workstation users. NAS accesses storage at the file level so has restrictions on the type of applications that can use it. See also SAN.
NIST (National Institute of Standards and Technology)
The NIST, known formerly as the National Bureau of Standards, is a non-regulatory agency of the United States Department of Commerce. The institute's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life.
NOC (Network Operations Center)
The NOC is one or more locations from which control a communications network. A NOC monitors the network for alarms or other conditions that may impact the network's performance.
NSA (National Security Administration)
The NSA is the United States government's cryptologic intelligence agency, administered under the U.S. Department of Defense.
OPEX (Operating Expenditure)
An operating expenditure is an ongoing cost for running a business. It excludes the purchase of a fixed asset (a capital expense). Operating expenditures can be deducted in the year they are incurred. For example, buying a copier is a capital expense, but buying the paper and toner are operational expenses. See also CAPEX.
PaaS (Platform as a Service)
Platform as a Service (PaaS) is a paradigm for delivering the computing platform and a software solution stack as a service over the Internet without downloads or installation. PaaS is sometimes called "cloudware" because it moves resources from privately owned computers into the Cloud. It’s a platform that includes all the systems and environments comprising the end-to-end life cycle of developing, testing, deploying and hosting web applications to fully leverage existing services within the Cloud. In other words, PaaS offerings facilitate the deployment of applications without the cost and complexity of buying and managing the underlying hardware or software and provisioning hosting capabilities.
PAN (Principle Account Number)
The 16-digit number on the front of a credit card. Assuring the privacy of PANs is part of the PCI DSS.
Pay-As-You-Go
See Utility Pricing.
Pay-For-Use
See Utility Pricing.
PCI-DSS (Payment Card Industry Data Security Standard)
PCI DSS is a security standard developed by PCI SSC aimed at protecting payment cardholder data. Three types of organizations must comply with the PCI standard: merchants, processors, and service providers. See our PCI Overview.
PCI SSC (Payment Card Industry Security Standards Council)
A consortium of the major credit card companies—VISA, Master Card, American Express, JCB, and Discover Financial Services—joined forces to create the Payment Card Industry Security Standards Council. The PCI SSC then drafted a security standard (the PCI DSS) aimed at protecting payment cardholder data.
Pilot
See Proof of Concept.
PIN (Personal Identification Number)
A usually four-digit number used for security of credit card accounts. Assuring the privacy of PINs is part of the PCI DSS.
PIPEDA
(Canada) The Personal Information Protection and Electronic Documents Act .protects personal information in Canada. It is closer to the EU DPD than US privacy laws.
PKI (Public Key Infrastructure)
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority.
POC (Proof of Concept)
Also known as a "Pilot," a proof of concept is a short, controlled test of a new solution, application, or process that tries to simulate the real world environment. Usually the POC is limited by time, number of users or other connections, and total load. The purpose of a POC is to determine if it is worth going forward towards the planning of a complete installation and helps define the final testing required.
Privacy Laws
Different countries and smaller political organizations have privacy laws to protect personal information of its citizens. When this was written, 46 States in the U.S. had privacy laws. While not identical, they were all largely based on the California privacy law. Different countries have their own privacy laws, as does the European Union. The laws apply to the citizens of the political entity, not the location of the data. (FYI, the four U.S. States without privacy laws when this was written are Alabama, Kentucky, New Mexico and South Dakota.)
Private Cloud
A Private Cloud is the creation of a cloud-like environment within an organization's own IT infrastructure or at a Cloud Service Provider's facility, usually through the use of virtualization and the automation of resource utilization. A Private Cloud can provide some of the financial values of a Public Cloud while allowing the organization to control security, governance, availability and reliability. See also VPC, Community Cloud, Hybrid Cloud.
PRNG (Pseudo-Random Number Generator)
A PRNG is an algorithm to generate a sequence of numbers that approximate the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudo-random numbers are important in practice for simulations and are central in the practice of cryptography. See also RNG.
PSS (Perfect Secret Sharing)
PSS is a secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret. If any non-qualified subset has absolutely no information on the secret, then the scheme is called perfect. See also VSS.
Public Cloud
Public cloud or sometimes called external cloud, describes cloud computing whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web-based applications or web services from an off-site third-party provider who shares resources and bills on a fine-grained utility pricing basis. See also Private Cloud, Community Cloud, Hybrid Cloud.
Public Key
Public Key Cryptography or Public Key Encryption. See asymmetric key.
QoS (Quality of Service)
Quality of Service traditionally refers to the ability of a network provider to insure that a subscriber gets a specific priority of access to the network, essentially a guarantee that the subscriber will get access to a specific bandwidth.
QSA (Qualified Security Assessor)
Part of PCI-DSS, a QSA performs the annual audit for organizations requiring an external audit.
RCSS (Robust Computational Secret Sharing)
RCSS is a data-sharing model that needs all shares to recover.
Re-encrypt
Some compliance regulations require that the encryption keys must be periodically changed. This prevents someone from using a "stolen" key beyond that re-encryption interval. Most encryption products have this capability. Process requires that all data be read, decrypted, re-encrypted with the new key, and rewritten. For large amounts of data, this prtocess can take days or weeks. Most products allow access to the data during the process, but adds significant delays to that access.
Rekey
Come compliance regulations allow periodic rekeying of encrypted data as a substitute for re-encryption. Rekeying does not re-encrypt the data, but changes who can gain access to the encryption keys. It provides the same safeguard against someone using an old key to access data. Not all encryption products have this capability. It requires that each individual or process has a separate key to the actual data key store that holds the actual encryption keys. When offered, rekey can happen in seconds with little or no impact on access to data. .
RFI (Request for Information)
The intent of the RFI is to get a response from each potential supplier describing how that supplier would solve the underlying problem. The RFI response will frequently contain alternative solutions either because the supplier has a better idea, or the supplier cannot meet all of your stated requirements. An RFI is appropriate when the requestor is not sure that this supplier, or maybe any supplier, can meet their requirements, or the requestor is not sure that they have the correct requirements.
RFP (Request for Proposal)
An RFP is a document that contains a set of requirements that is sent to one or more potential supplies of the product or service. The intended response is a proposal from each supplier describing how they would meet the requirements and how much it would cost.
RFQ (Request for Quote)
An RFQ is a document that contains a set of requirements that is sent to one or more potential supplies of the product or service. The intended response is a quote from each supplier listing each product or service and their price that to meet the requirements.
RNG (Random Number Generator)
RNG is a program routine that produces a random number. Random numbers are created easily in a computer, since there are many random events that take place such as the duration between keystrokes. Only a few milliseconds' difference is enough to seed a random number generation routine with a different starting number each time. Once seeded, an algorithm computes different numbers throughout the session. The numbers that are created must be distributed evenly over a certain range, and they cannot be predictable (the next number cannot be determined from the last). See also PRNG.
ROI (Return on Investment)
ROI (or sometimes RoR, Return on Revenue) is the ratio of money gained or lost on an investment relative to the money invested, usually expressed as a percentage.
RPO (Recovery-Point Objectives)
RPO is the age of files that must be recovered from backup storage or backup system for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. The RPO is expressed backward in time (that is, into the past) from the instant at which the failure occurs, and can be specified in seconds, minutes, hours, or days. This is a measure of how old the data can be when you come back up. If your RPO is 12 hours, then your data can be no older than 12 hours prior to the failure at the time your critical system comes up. Then you have to figure out how to recover that last 12 hours of data updates. Along with RTO, RPO an important consideration in disaster recovery planning.
RSA (Rivest-Shamir-Adleman)
An algorithm for public-key encryption, named after initials of original developers. A highly secure cryptography method by RSA Security. It uses a two-part key. The private key is kept by the owner; the public key is published.
RTO (Recovery-Time Objectives)
The time period after a disaster at which business functions need to be restored. This is the length of time after a failure occurs that you need to be back in operation. If your RTO is 24 hours, then your objective is to have the critical system operational within 24 hours of a failure. Along with RPO, it an important consideration in disaster recovery planning.
SaaS (Software as a Service)
Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or cloud service provider and made available to customers over a network, typically the Internet, based on some defined usage rate. SaaS is becoming an increasingly prevalent delivery model as underlying technologies that support web services and service-oriented architecture (SOA) mature and new developmental approaches become popular. See also XaaS.
SAN (Storage Area Network)
A SAN is a network of storage disks used to store data-at-rest. In large enterprises, a SAN connects multiple servers to a centralized pool of disk storage. SAN solutions allow sharing of files at the block level. See also NAS.
SDLC (Software Development Life Cycle)
SDLC is a structure imposed on the development of a software product that defines the process for planning, implementation, testing, documentation, deployment, and ongoing maintenance and support. There are a number of different development models.
Secret Sharing
Secret sharing is a method for distributing a shared secret among a group of participants, each of which is given a share of the secret. The secret can only be reconstructed when a sufficient number of shares are combined together, called the threshold. For example, a secret could be shared amongst five participants such that the secret could be reconstructed only if any 3 (or more) shares are combined. If you have fewer than the threshold number of shares, you have no more information than if you had no shares. See also Perfect Secret Sharing and Verifiable Secret Sharing.
SHA (Secure Hash Algorithm)
SHAs are five cryptographic hash functions designed by the National Security Agency and published by NIST as a U.S. Federal Information Processing Standard (FIPS 180). They compute a fixed-length digital representation of a message of any length. The five algorithms are denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The latter four variants are sometimes collectively referred to as SHA-2.
Shared Resources
Shared resources are IT resources that are shared amongst multiple applications, solutions, or customers. Data Center Transformation uses virtualization to enable multiple applications to use the same computers, network and storage. The Public Cloud uses similar technique to allow multiple customers (subscribers) to use the same computers, network and storage in Cloud Service Provider facilities.
Shared Secret
A Shared Secret is a piece of data only known to the parties involved in a secure communication. See also Secret Sharing.
SLA (Service Level Agreement)
An SLA is part of a service contract that formally defines the level of service. SLAs can cover a wide range of subjects, including performance levels, response time limits, availability percentages, security concerns, and notification requirements.
SOA (Service-Oriented Architecture)
SOA is a flexible set of design principles used during software development that defines how a loosely-integrated suite of services can interface among themselves and be used within multiple business domains. Rather than defining an API, SOA defines the interface in terms of protocols and functionality. XML is often used for interfacing with SOA services.
SOAP (Simple Object Access Protocol)
Now known just as "SOAP". SOAP is a protocol specification for exchanging structured information in the implementation of Web Services. It relies on XML as its message format.
SOC (Security Operations Center)
A SOC is an organization that delivers IT security services. The SOC attempts to prevent unauthorized access and manage security related incidents using processes and procedures. The mission is risk management through centralized analysis using the combined resources consisting of personnel, dedicated hardware and specialized software.
Social Media
Social Media are highly accessible and scalable communication techniques that allow easy social interaction. Social Media uses Internet-based and mobile technologies to turn commiuncation into interactive dialogue. Some common social media products are Facebook, Twitter and YouTube. See also Web 2.0.
SOX (Sarbanes–Oxley Act)
(U.S.A., although similar laws are appearing in other countries) The Sarbanes–Oxley Act is more commonly known as the Corporate and Auditing Accountability and Responsibility Act. of 2002. SOX only covers publically traded companies. It regulates areas such auditor independence, corporate governance, internal controls, and financial disclosure. SOX imposes financial and criminal penalties.
SSL (Secure Socket Layer)
SSL is a cryptographic protocol that provides communications security over the Internet. When you see an "https://..." URL. you are communicating with SSL.
ST&E (Security Test and Evaluation)
ST&E is examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.
Symmetric Key
For symmetric key cryptography, the key is used for decryption is trivially relatied to the key used for encryption. Often the keys are identical. These keys represent a shared secret between the parties. See also asymmetric key.
TCO (Total Cost of Ownership)
TCO is an estimate of the total cost of a solution over time, usually a few years. It should include all costs, both direct and indirect, associated with the solution. It helps determine the financial value of a change in operations.
TCP (Transmission Control Protocol)
TCP is one of the core protocols of the Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications like file transfer and e-mail. It is so important in the Internet protocol suite that sometimes the entire suite is referred to as "the TCP/IP protocol suite."
UCaaS (Unified Communication as a Service)
UCaaS is part of a total desktop Cloud solution that provides access to email, file services, and instant messaging (for example, Microsoft Exchange, Microsoft Office SharePoint, and Microsoft Office Communicator). See also XaaS.
UDP (User Datagram Protocol)
UDP is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages sometimes known as datagrams (using Datagram Sockets) to one another. UDP is sometimes called the Universal Datagram Protocol.
Usage-Based Pricing
See Utility Pricing.
Utility Pricing
Utility pricing is where the subscriber pays for resources as they are used instead of paying a fixed price independent of usage. In the current mode, a customer buys a server and pays for it as a capital expense, and then pays recurring maintenance fees. In a Cloud environment, the customer just "rents" the resources and pays as they use based on how much they use. Utility pricing is very much like how a customer pays for electricity in their home.
Vertical Cloud
A Vertical Cloud is a Cloud Service Provider offering optimized for use in a particular line of business or application.
Virtual Image
A virtual image is the set of software and configuration settings that create a VM. Virtual images are stored as disk files and must be managed according to appropriate security policy.
Virtualization
Virtualization is the means of sharing a physical resource across multiple users with each of the users believing that they have all of the resource. The resource could be computing resources like servers, networks including the Internet, or storage.
VM (Virtual Machine)
A VM is one of the key components of the Cloud. Through the use of virtualization, a single physical server can host multiple applications. Each of those applications is refered to as a "VM". The official definition is a completely isolated operating system installation within your normal operating system.
VOaaS (Virtual Office as a Service)
VOaaS is part of a total desktop Cloud solution that provides access to standard office suites. See also XaaS.
VOIP (Voice over Internet Protocol)
VOIP provides voice communications over the Internet.
VOSIP (Voice over Secure Internet Protocol)
VOSIP is VOIP over a secure Internet channel.
VPC (Virtual Private Cloud)
A VPC is a Private Cloud created within the Public Cloud through the use of secure networks between the subscriber and the vendor and secure separation of data and processing within the vendor's environment. See alsoHybrid Cloud.
VPN (Virtual Private Network)
A VPN is a communications network tunneled through another network and dedicated for a specific network.
VSS (Verifiable Secret Sharing)
In cryptography, a secret sharing scheme is verifiable if auxiliary information is included that allows players to verify their shares as consistent. More formally, verifiable secret sharing ensures that even if the dealer is malicious there is a well-defined secret that the players can later reconstruct. In standard secret sharing, the dealer is assumed to be honest, see PSS.
WAN (Wide Area Network)
A WAN is a computer network that covers a significant geography, with commiunications links between different cities or facilities located in multiple metropolitan or governmental entities.
Web 2.0
WEb 2.0 is the term used to describe web applications that faciltate information sharing and allows people to interact and collaberate with each other over the Internet. See also Social Media.
WEB API
See API.
WebEx
WebEx Communications is a Cisco company that provides on-demand collaboration, online meeting, web conferencing and videoconferencing applications. Like other pioneering product names, WebEx has become a generic term for web conferencing.
Web-based Applications
A web-based application is one in which all or some parts of the software are downloaded from the Internet each time it is run. It often refers to browser-based applications that run within the user's Web Browser, but can also refer to thin- or thick-client applications that behave like local applications such as Java-based applications.
Web Service
Web services are typically application programming interfaces (API) or web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services.
XaaS (X as a Service)
A generic term that references all of the something as a service offerings over the Internet, including:
XML (Extensible Markup Language)
XML is a general-purpose markup language. It is classified as an extensible language because it allows its users to define their own tags. Its primary purpose is to facilitate the sharing of structured data across different information systems, particularly via the Internet.
Knowledge Center Links
