Cloud Security
Infrastructure as a Service (IaaS)
Also known as: Infrastructure cloud
Definition
A cloud service model in which the provider delivers virtualized compute, storage, and networking, while the customer manages the OS, middleware, and applications on top.
Examples
- An EC2 instance running an outdated Linux kernel with port 22 open to 0.0.0.0/0.
- Azure Bastion replacing public RDP access to virtual machines.
Related terms
Platform as a Service (PaaS)
A cloud model in which the provider manages the runtime, middleware, OS, and infrastructure while the customer focuses on application code and data.
Software as a Service (SaaS)
A cloud delivery model in which a vendor hosts and operates an application that customers access over the Internet on a subscription basis.
Function as a Service (FaaS)
Function as a Service (FaaS) — definition coming soon.
Shared Responsibility Model
A cloud security framework that splits security duties between the cloud provider (security of the cloud) and the customer (security in the cloud).
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
CSPM (Cloud Security Posture Management)
A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations.