You can’t master cloud native security if you don’t speak the language of cloud native technology. If you don’t yet know the lexicon, fear not: in this blog, we’ve put together the ultimate list of all the cloud native security terms you should know, along with their definitions. We’ll also highlight some subtle differences in terms, like cloud native security vs. cloud native application security.

Cloud native security terms and concepts, from A to Z

A

• API: Short for Application Programming Interface, an API is a service that lets applications or services talk to one another.

• API Security: The art and science of keeping APIs secure by preventing API sprawl, identifying API vulnerabilities and enforcing API security policies. For more, read our guide to API security.

• API server: A host that accepts API requests from clients.

• API gateway: A tool that manages API requests between multiple services or applications, providing a centralized means of tracking and securing those requests.

• Azure: A major public cloud platform from Microsoft.

• Autoscaling: The ability of cloud services to scale up or down automatically based on predefined policies.

C

• Cloud native: An approach to application design and deployment that focuses on taking full advantage of distributed architecture and cloud services.
• Cloud native security: The tools and processes required to secure cloud native applications. Visit Cisco Secure Application for more information on our cloud native security tool.
• Cloud native application security platform (CNAPP): A CNAPP is an all-in-one platform that simplifies monitoring, detecting, and remediating potential cloud security threats and vulnerabilities — from pre-deployment phases to incidents live in production.
• Cloud computing: An IT architectural paradigm in which resources are hosted on remote cloud servers and delivered via the network.
• Cloud native applications: Applications designed using a cloud native approach.
• Cluster: A group of servers that are centrally managed using a platform like Kubernetes.
• CNCF: The Cloud Native Computing Foundation, an open source organization that is part of the Linux Foundation & sponsors a variety of cloud native applications and software projects.
• Container: A software-defined environment that provides applications and host servers with the ability to run in any environment
• Containerized: Applications deployed using containers.
• CI/CD: Short for Continuous Integration/Continuous Delivery, a software development and deployment process that emphasizes rapid, iterative software updates.
• Continuous Integration: The ability to integrate new code rapidly and continuously into the workflow process.
• Continuous delivery: The process of delivering new application releases on a frequent, steady basis.

D

• Day one: A term that refers to the initial setup period of an IT resource or environment, as opposed to “day two,” which is the period when the resource is up and running and needs to be managed on an ongoing basis.
• DevOps: An approach to software delivery that emphasizes close collaboration between developers and IT operations teams.
• Digital transformation: The process of migrating and evolving IT resources to take full advantage of modern, digital technology.
• Docker: A container runtime and management framework that helped popularize modern application containers.
• DevSecOps: A security philosophy that emphasizes constant collaboration between developers, IT Ops engineers and security teams.

E

• Envoy: An open source proxy tool that helps distributed applications or services communicate.
• Egress: Network data that flows out of an environment.
• Encryption: A means of making the contents of data unreadable except to people who have a decryption key.

H

• Hybrid cloud: A cloud architecture that combines public cloud services or resources with private infrastructure.

I

• Image: A file that contains the data and instructions required to launch a container or virtual machine (VM).
• Infrastructure-as-a-Service (IaaS): A type of cloud computing service in which servers, data storage or other infrastructure resources are available over the Internet.
• Infrastructure-as-Code (IaC): A means of provisioning infrastructure automatically using predefined templates. Read more about IaC.
• Ingress: Data that flows into an environment from outside the service perimeter.
• Istio: An open source service mesh that helps manage traffic between multiple services or applications.

J

• JSON: A file formatting and configuration management language that can be used to define configurations for systems like Kubernetes.

K

• Kubernetes: An open source container orchestration platform that allows you to automate software deployments.
• Kafka: An open source event streaming platform.
• Kubectl: The primary command line interface (CLI) tool for interacting with Kubernetes environments.
• Kubelet: An agent that runs on nodes in a Kubernetes cluster to connect them to the rest of the cluster.

L

• Label: A descriptor that can be applied to resources like containers, telling systems like Kubernetes how to run or manage them.

M

• Microservices: An application architecture that breaks functionality down into discrete, small, services.
• MiniKube: A tool which allows you to run a single-node Kubernetes cluster locally on your personal computer.
• Multicloud: A cloud architecture that combines two or more public clouds.
• Monolithic apps: An application architecture in which all functionality runs as a single service, instead of microservices.
• Microsegmentation: The practice of isolating resources granularly by creating unique security policies for each one.

N

• Namespace: A virtual environment that can be used to isolate workloads in Kubernetes.
• Node: A server that runs as part of a cluster in a system like Kubernetes.

O

• Orchestration: The process of managing multiple application services, containers or other resources.

P

• Platform: A collection of IT tools or services that serve a specific purpose.
• Platform-as-a-Service (PaaS): A type of cloud platform that combines development tools with deployment tools and hosting infrastructure.
• Platform developer: A developer who specializes in a certain platform.
• Private cloud: A type of cloud architecture that relies on privately owned infrastructure, as opposed to public cloud servers and services.
• Pod: One or more containers that operate as part of a related workload in Kubernetes. See more about Kubernetes pods.
• Prometheus: An open source monitoring tool.
• Pull: The act of downloading a container image from a registry.

R

• RBAC: Short for Role Based Access Control, a type of access management system in which user permissions are configured based on each user’s individual role in the system.
• Repository: A server that hosts source code, container images or other types of artifacts, making them easy for others to download.

S

• Service mesh: A type of tool that helps application services or microservices communicate with each other.
• Shadow APIs: APIs that run in the backend of an application, and can be difficult to detect without the proper visibility tools, such as APIClarity.
• Shift left: An application development strategy that focuses on identifying security and performance issues as early as possible in the application development lifecycle.
• Sidecar: A special type of pod or container that runs alongside other containers to provide complementary functionality, such as hosting a monitoring agent.
• Software-as-a-Service (SaaS): A cloud architectural paradigm in which applications are fully hosted and managed on remote infrastructure and made available to users over the Internet.
• Secret vault: A tool designed to store secrets, such as passwords and access keys, securely and centrally to avoid authentication issues.

T

• Terraform: An open source IaC platform that allows you to manage the entire lifecycle of infrastructure.
• Token: A unique identifier (secret) that can be used to secure API access requests.

V

• VMware: A widely used platform for running virtual machines.
• Virtual machine: A software-defined environment that includes a complete guest operating system, and that provides more isolation for workloads than containers.
• Visibility: The ability to understand what is happening inside an IT environment.

W

• Workload: A generic term that refers to an IT resource or set of resources that serve a specific purpose, such as an application and the data it requires to run.

Y

• YAML: A configuration language widely used to manage resources in systems like Kubernetes.

Z

• Zero trust: A security strategy that requires resources to be isolated by default, and to be deemed trustworthy only after they have been explicitly validated.
• Zero day: A type of security vulnerability that has been discovered but for which no patch is yet available.
• Zombie APIs: APIs that are assumed to no longer be in use, but which could be in use by applications without developers’ knowledge.

Learn the A to Zs of cloud native security

And there you have it: All the terms and cloud native security concepts you need to know to thrive at the cloud native security game. If you want more insight on how cloud native security is applied today, read the rest of our articles on cloud native security.