Glossary
Important Terms Used In Cloudnosys Platform
Cloud Account
Cloud account is referred to a single account in a cloud provider like AWS and AZURE. Cloudnosys platform serves like a bridge that uses the provided cloud account to run security checks, available for all enterprises who wants Cloudnosys as a security shield for their cloud infrastructure.
A formal relationship with Cloudnosys that is associated with all of the following:
– The owner email address and password
– The control of resources created under its umbrella
– Payment for the activities related to those resources
The cloud account has permission to do anything and everything with all the account resources. This is in contrast to a user, which is an entity contained within the account.
Cloud provider
A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations and/or individuals. Cloudnosys provides services of two major cloud providers; AWS and AZURE.
Compliance (Regulation)
Compliance refers to the vast set of regulations and principles that organizations must follow when using systems delivered through the cloud. For Cloudnosys, compliance is the process of conforming to the decisions and policies set by regulatory bodies. The policies are typically derived from internal directives, requirements and procedures, or from external laws, agreements, standards, regulations and agreements. Compliance in Cloudnosys platform includes ISO, NIST, HIPPA, CIS, GDPR, SOC2 and PCI DSS.
Governance
Refers to the process of applying and managing certain principles or policies on cloud environment to ensure they maintain the requisite security standards. The main goal of cloud governance and compliance is to safeguard user interests and ensure cloud services are managed, distributed and delivered in the best way possible.
Organisation
Organisation is an entity that owns users, cloud accounts, risks, resources and all the generated reports.
Resource
An entity that users can work with in AWS and AZURE, such as an EC2 instance, an Amazon DynamoDB table, an Amazon S3 bucket, virtual machines, database, an IAM user, an AWS OpsWorks, and so on.
Risk
Risk is a probability, threat or vulnerability that could negatively affect confidentiality, privacy, reliability, and integrity of a provider’s services and can cause great damage to user’s cloud environment. A cloud infrastructure contains sensitive and critical data, such as personal, government or business data, hence the risks includes unauthorized access to customer and business data, Denial of service, Insecure APIs, Compliance violation, etc.
Signature
Signatures are set of conditions or rules sets that tests your cloud environments for compliance against industry standards and best practices. Cloudnosys provides a comprehensive set of rulesets covering many of the common standards, such as PCI-DSS, GDPR, NIST, HIPAA, etc, for cloud security, which you can run immediately on your cloud accounts. In addition, you can build and test new rules according to your specific needs and compliance goals.
SaaS
Cloud application services, whereby applications are delivered over the internet by the provider so the applications don’t have to be purchased, installed, and run on the customer’s computers.
User
An entity that performs all the activities in an organization that includes creating cloud accounts, running scans, generating reports, etc.