Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

What is Cloud Security: 15 Essential Cloud Security Terms

Home
Industry Insights
What is Cloud Security: 15 Essential Cloud Security Terms

Blog Article Published: 12/01/2023

Written by Megan Theimer, Content Program Specialist, CSA.

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal effort. A cloud can consist of nearly any computing resources, ranging from processors and memory to networks, storage, and higher level resources like databases and applications.

Cloud security refers to the cybersecurity policies, procedures, and technologies designed to secure cloud environments. Read on to review 15 essential terms you should know related to cloud security.


1. On-Premises

“On-premises” is the opposite of “in the cloud.” This is a method of installing and running software on the user’s own computers and resources, rather than from a remote server or cloud.

Learn how cloud security is different from traditional on-premises security.


2. Cloud Migration

Cloud migration is the movement of applications and infrastructure from a physical data center to a cloud environment.

Get an overview of three major cloud migration strategies.


3. Digital Transformation

Digital transformation is the process of adopting new digital technologies and business models, such as cloud computing, with the goal of improving revenue, efficiency, or other business objectives.

Study best practices for building a digital transformation strategy.


4. Control

A control is a safeguard or countermeasure that helps manage risk, including policies, procedures, guidelines, practices, or organizational structures. Controls can be of an administrative, technical, management, or legal nature.

Learn what cloud controls are.


5. Control Framework

A control framework is a set of practices, procedures, and technical security measures designed to help organizations fulfill their responsibilities. The primary purpose is to prevent financial and informational losses within an organization, while ensuring regulatory compliance.

Check out CSA’s control framework for cloud security.


6. Cloud Governance

Cloud Governance encompasses the policies, processes, and internal controls that define an organization’s relationship to cloud computing. This includes structures, leadership, and other mechanisms for management.

Get an overview of the Cloud Governance module of CSA’s Certificate of Cloud Auditing Knowledge.


7. Self Assessment

A self assessment is a process that involves the owner/user performing an analysis of risk or compliance themselves, rather than by a third party.

Learn more about the cloud security self assessment offered by CSA.


8. Public Cloud

A public cloud is a cloud infrastructure that is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization. The physical hardware exists on the premises of the cloud provider.

Learn more about what public cloud means.


9. Private Cloud

A private cloud is a cloud infrastructure that is provisioned for exclusive use by a single customer or organization. It may be owned, managed, and operated by the same organization, a third party, or some combination of them, and it may exist on or off-premises.

Discover how security considerations differ for public and private clouds.


10. Hybrid Cloud

A hybrid cloud is a computing environment made up of some combination of public cloud, private cloud, and on-premises infrastructure.

Review hybrid cloud security best practices.


11. Infrastructure-as-a-Service (IaaS)

IaaS is a type of cloud service that offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage.

Compare the three cloud service models.


12. Platform-as-a-Service (PaaS)

Paas is a type of cloud service that abstracts and provides development or application platforms, such as databases, file storage, or even proprietary application processing. With PaaS, you don’t manage the underlying servers, networks, or other infrastructure.

Hone in on the intricacies of PaaS.


13. Software-as-a-Service (SaaS)

SaaS is a type of cloud service where a full application is managed and hosted by the provider. Consumers access it with a web browser, mobile app, or a lightweight client app.

Learn about SaaS governance best practices.


14. Shared Responsibility Model

The shared responsibility model is the concept that the cloud customer and the cloud service provider have varying responsibilities depending on the cloud service level in effect. Defining the line between customer and provider responsibilities is imperative for reducing risk.

Check out this blog about the shared responsibility model.


15. Maturity Model

A maturity model is a model representing the stages of development of an organization, starting from an immature state and evolving through several maturity levels, in order to benchmark current capabilities and identify goals for improvement.

Understand the two maturity models for Zero Trust security.


CSA’s Cloud 101 page provides more resources and information to help you get started on your cloud security journey.

Cloud Controls MatrixShared Responsibility ModelTransitioning to the cloud

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Virtual Cloud Trust Summit 2024
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
Do You Know These 7 Terms About Cyber Threats and Vulnerabilities?

Published: 04/19/2024

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Published: 04/05/2024

Runtime is the Way

Published: 04/04/2024

CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong

Published: 04/03/2024