While dealing with Security Professionals as a DevOps/DevSecOps person, you will encounter certain terms and acronyms. It helps to understand what they mean and what tools are available for us to satisfy the security requirements. In this blog post, I will list and describe a few terms/acronyms and tools that I have come across relating to Cloud Security.

| Acronym or Term | Description | Example Services/Tools |
| --- | --- | --- |
| SOC – Security Operation Center | Group within an organization that deals with monitoring, detecting, analyzing and responding to security incidents. | |
| CSPM – Cloud Security Posture Management | A set of policies/requirements that are used to assess Cloud Configuration. | GCP – Security Command Center; Azure – Microsoft Defender for Cloud; AWS Security Hub |
| KSPM – Kubernetes Security Posture Management | A set of policies/requirements that are used to assess Kubernetes Configuration. | GKE Policy Automation; Aqua; Wiz; Open Policy Agent |
| SIEM – Security information and event management | Covers log collection, log storage, searching through logs and creating events/notifications/alerts/dashboards from the logs. | GCP – Chronicle Security; Azure – Microsoft Sentinel; Splunk |
| CIS – Center for Internet Security – Benchmarks | Recommendations to help protect systems against threats. | CIS Benchmarks List; GCP – Security Command Center; AWS – Security Hub |
| CIEM – Cloud infrastructure entitlement management | Monitors Cloud Identities and their privileges. This is used to identify/rectify personnel with more permissions than required. | GCP – Role Recommender; Azure – Microsoft Entra Permissions Management; WIZ |
| CDR – Cloud Detection and Response | Helps deal with security threats/attacks. | Google Chronicle; WIZ; Sysdig |
| PAM – Privileged access management | Complements CIEM. Set of services and policies relating to privileged access (accounts with elevated permissions). | CyberArk; BeyondTrust; HashiCorp Vault |
| DSPM – Data Security Posture Management | Data-centric approach to data discovery, access control, data governance etc. | WIZ; Dig |
| PCI DSS – Payment Card Industry Data Security Standard | Standard that has been created to protect cardholder data and hence prevent fraud. | Reference Guidelines for GCP; PCI DSS on AWS; PCI DSS on Azure; Qualys PCI Compliance |
| Code scanning, Container Scanning, IaC Scanning | Find vulnerabilities in code, dependencies, containers and Infrastructure as Code. | Snyk; GCP Artifact Analysis; Amazon Inspector; Code Scanning – GitHub; Vulnerability Management – WIZ; Trivy – Aqua; tfsec; Open Policy Agent |