Cloud Security Dictionary
This guide explains key terms used in cloud security and the Cyscale Cloud Platform.
Core Concepts
Alerts
Security notifications triggered when:
- Resources fail security checks
- Misconfigurations are detected
- Compliance violations occur
- Security thresholds are exceeded
In Cyscale, alerts are generated when assets fail to meet specific security controls.
Assets
Any cloud resource in your infrastructure, such as:
- Compute instances (EC2, Azure VMs)
- Storage volumes
- Network interfaces
- Identity resources (users, roles)
- Database instances
Asset Components
Cloud resources often consist of multiple assets. For example, an AWS EC2 instance includes:
- The compute instance itself
- Attached EBS volumes
- Network interfaces (ENIs)
- Security groups
- Elastic IP addresses (if assigned)
Connectors
Integration points that link Cyscale to your:
- Cloud provider accounts
- AWS accounts
- Azure subscriptions
- Google Cloud projects
- Alibaba Cloud accounts
- Identity providers
- Okta organizations
- Azure Active Directory
- Google Workspace
Controls
Security rules that verify specific requirements:
- Based on industry standards (like ISO 27001)
- Define specific checks (e.g., "Ensure S3 bucket MFA Delete is enabled")
- Include:
- Detailed descriptions
- Remediation steps
- Severity ratings (Low/Medium/High)
- Implementation guidance
CSPM
Cloud Security Posture Management:
- Gartner-defined security category
- Focuses on cloud misconfigurations
- Ensures compliance with security standards
- Works across multiple cloud providers
- Example: Identifying publicly accessible storage buckets
Exemptions
Rule exceptions that:
- Exclude specific assets from specific controls
- Mark excluded assets as compliant
- Help manage false positives
- Support legitimate business cases
Policies
Security governance documents that:
- Define security requirements
- Map to specific controls
- Include implementation procedures
- Support compliance frameworks
Procedures
Implementation guidelines that:
- Group related controls
- Provide step-by-step instructions
- Define how to meet policy requirements
- Include detailed documentation
Sync
The data synchronization process that:
- Updates Cyscale's asset inventory
- Reflects current cloud configurations
- Triggers security assessments
- Maintains accurate compliance status