What is Cloud Security: 15 Essential Cloud Security Terms

Blog Article Published: 12/01/2023

Written by Megan Theimer, Content Program Specialist, CSA.

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal effort. A cloud can consist of nearly any computing resources, ranging from processors and memory to networks, storage, and higher level resources like databases and applications.

Cloud security refers to the cybersecurity policies, procedures, and technologies designed to secure cloud environments. Read on to review 15 essential terms you should know related to cloud security.


1. On-Premises

“On-premises” is the opposite of “in the cloud.” This is a method of installing and running software on the user’s own computers and resources, rather than from a remote server or cloud.

Learn how cloud security is different from traditional on-premises security.


2. Cloud Migration

Cloud migration is the movement of applications and infrastructure from a physical data center to a cloud environment.

Get an overview of three major cloud migration strategies.


3. Digital Transformation

Digital transformation is the process of adopting new digital technologies and business models, such as cloud computing, with the goal of improving revenue, efficiency, or other business objectives.

Study best practices for building a digital transformation strategy.


4. Control

A control is a safeguard or countermeasure that helps manage risk, including policies, procedures, guidelines, practices, or organizational structures. Controls can be of an administrative, technical, management, or legal nature.

Learn what cloud controls are.


5. Control Framework

A control framework is a set of practices, procedures, and technical security measures designed to help organizations fulfill their responsibilities. The primary purpose is to prevent financial and informational losses within an organization, while ensuring regulatory compliance.

Check out CSA’s control framework for cloud security.


6. Cloud Governance

Cloud Governance encompasses the policies, processes, and internal controls that define an organization’s relationship to cloud computing. This includes structures, leadership, and other mechanisms for management.

Get an overview of the Cloud Governance module of CSA’s Certificate of Cloud Auditing Knowledge.


7. Self Assessment

A self assessment is a process in which the owner/user performs an analysis of risk or compliance themselves, rather than having a third party perform it.

Learn more about the cloud security self assessment offered by CSA.


8. Public Cloud

A public cloud is a cloud infrastructure that is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization. The physical hardware exists on the premises of the cloud provider.

Learn more about what public cloud means.


9. Private Cloud

A private cloud is a cloud infrastructure that is provisioned for exclusive use by a single customer or organization. It may be owned, managed, and operated by the same organization, a third party, or some combination of them, and it may exist on or off-premises.

Discover how security considerations differ for public and private clouds.


10. Hybrid Cloud

A hybrid cloud is a computing environment made up of some combination of public cloud, private cloud, and on-premises infrastructure.

Review hybrid cloud security best practices.


11. Infrastructure-as-a-Service (IaaS)

IaaS is a type of cloud service that offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage.

Compare the three cloud service models.


12. Platform-as-a-Service (PaaS)

PaaS is a type of cloud service that abstracts and provides development or application platforms, such as databases, file storage, or even proprietary application processing. With PaaS, you don’t manage the underlying servers, networks, or other infrastructure.

Home in on the intricacies of PaaS.


13. Software-as-a-Service (SaaS)

SaaS is a type of cloud service where a full application is managed and hosted by the provider. Consumers access it with a web browser, mobile app, or a lightweight client app.

Learn about SaaS governance best practices.


14. Shared Responsibility Model

The shared responsibility model is the concept that the cloud customer and the cloud service provider have varying responsibilities depending on the cloud service level in effect. Defining the line between customer and provider responsibilities is imperative for reducing risk.

Check out this blog about the shared responsibility model.


15. Maturity Model

A maturity model is a model representing the stages of development of an organization, starting from an immature state and evolving through several maturity levels, in order to benchmark current capabilities and identify goals for improvement.

Understand the two maturity models for Zero Trust security.



CSA’s Cloud 101 page provides more resources and information to help you get started on your cloud security journey.