Cloud Security

Shared Responsibility Model
The shared responsibility model explains how security duties are divided between a cloud provider and the customer using the service.
Cloud Security Posture Management
Cloud security posture management helps organizations continuously assess cloud configurations and identify risky settings or policy drift.
Container Security
Container security is the practice of protecting containerized applications, images, runtimes, and related orchestration workflows.
Kubernetes RBAC
Kubernetes RBAC controls which users, groups, or service accounts can perform specific actions inside a Kubernetes cluster.
Cloud Workload Protection
Cloud workload protection focuses on securing running cloud workloads such as virtual machines, containers, and application services.
Identity Federation
Identity federation allows one trusted identity system to support sign-in or access to another system or across a security boundary.
Workload Identity
Workload identity is the identity assigned to a non-human workload so it can authenticate and access needed resources without relying on shared static credentials.
Secrets Manager
A secrets manager is a service or tool used to store, retrieve, and control access to sensitive credentials and key material.
Security Group
A security group is a cloud traffic control construct that defines which inbound or outbound connections are allowed for attached resources.
Virtual Private Cloud
A virtual private cloud is a logically isolated cloud-network environment where organizations define connectivity, routing, and traffic boundaries for workloads.
Configuration Drift
Configuration drift is the gradual difference that develops between the intended secure configuration of a system and the way it is actually running.
Key Management Service
A key management service is a managed platform capability for creating, protecting, and controlling the use of cryptographic keys.
Secure Configuration
Secure configuration is the practice of setting up systems, services, and workloads so they begin from a safer, more controlled state rather than from permissive defaults.
Immutable Infrastructure
Immutable infrastructure is the practice of replacing systems with newly built versions instead of modifying running systems in place.
Cloud Access Security Broker
A cloud access security broker is a control layer that gives organizations visibility and policy enforcement between users or systems and cloud services.
VM Escape
VM escape is a security failure in which code running inside a virtual machine breaks out of that virtual boundary and affects the host or other workloads.
Cloud Detection and Response
Cloud detection and response is the practice of identifying, investigating, and responding to security threats in cloud environments using cloud-native telemetry and workflows.