- Cloud computing
- On-demand delivery of computing resources — servers, storage, applications — over the internet on a pay-as-you-go basis.
- IaaS (Infrastructure as a Service)
- The provider supplies raw compute, storage, and networking; you manage the OS, runtime, and applications. Example: virtual machines.
- PaaS (Platform as a Service)
- A managed environment to build, test, and run applications; you manage only your code and data, not the platform below.
- SaaS (Software as a Service)
- Complete, ready-to-use applications delivered over the internet, such as web email or CRM. The provider manages everything.
- XaaS (Anything as a Service)
- Umbrella term for any cloud delivery model, including DBaaS, CaaS, BPaaS, and MaaS.
- Service models (order)
- IaaS → PaaS → SaaS. Moving up the stack, the provider manages more and the customer manages less.
- Public cloud
- A cloud owned and operated by a third-party provider and shared by many tenants (multi-tenant) over the internet. Lowest cost, highest scale.
- Private cloud
- A cloud dedicated to a single organization, on-premises or hosted, giving the most control and isolation at higher cost.
- Hybrid cloud
- A combination of public and private cloud connected so workloads and data can move between them; enables cloud bursting.
- Community cloud
- A cloud shared by several organizations with common concerns, such as the same compliance or security requirements.
- Cloud bursting
- Overflowing from a private cloud into a public cloud when demand spikes — a hybrid-cloud capability.
- Shared responsibility model
- The framework defining which security and management duties belong to the provider vs. the customer; the split shifts with the service model.
- Elasticity
- The cloud's ability to automatically add or remove resources to match demand in near real time, in both directions.
- Scalability
- The capacity to grow or shrink resources to handle changing workloads; can be vertical or horizontal.
- Vertical scaling (scale up)
- Adding more power — CPU or RAM — to an existing resource.
- Horizontal scaling (scale out)
- Adding more resources of the same type, such as additional servers behind a load balancer.
- Self-service
- The ability for users to provision cloud resources on demand without provider intervention.
- Broad network access
- Cloud capabilities available over the network and accessed through standard devices.
- Pay-as-you-go
- A pricing model where you pay only for the resources you actually consume.
- Availability (cloud characteristic)
- Designing systems so resources remain accessible with minimal downtime, often via redundancy and multiple zones.
- Direct connect
- A dedicated, private network link between an organization and a cloud provider, bypassing the public internet.
- VPN (Virtual Private Network)
- An encrypted tunnel over the internet used to connect securely to cloud resources.
- RDP (Remote Desktop Protocol)
- A protocol for remotely accessing a graphical desktop, commonly used to manage Windows cloud instances.
- SSH (Secure Shell)
- An encrypted protocol for remote command-line access, commonly used to manage Linux cloud instances.
- HTTPS
- Hypertext Transfer Protocol Secure — encrypted web traffic; a common access method for cloud services.
- SDN (Software-Defined Networking)
- Separating the network control plane from the data plane and managing it centrally in software, making cloud networks programmable.
- Load balancing
- Distributing incoming traffic across multiple servers to improve performance and availability.
- DNS (Domain Name Service)
- Translates human-readable domain names into IP addresses so users can reach cloud services.
- Firewall
- A control that filters network traffic to and from cloud resources based on security rules.
- Object storage
- Stores data as objects with metadata in a flat namespace; ideal for unstructured data at scale (backups, media, big data).
- Block storage
- Splits data into fixed blocks attached to a server like a virtual disk; ideal for databases and low-latency workloads.
- File storage
- Organizes data as a hierarchy of files and folders accessed over a network share.
- Compression (storage)
- Reducing the size of stored data to save capacity and cost.
- Deduplication
- Eliminating duplicate copies of data so only one instance is stored, saving capacity.
- Capacity on demand
- Provisioning additional storage as needed without buying it up front.
- Hot vs. cold storage
- Hot storage is fast and for frequently accessed data; cold storage is cheap and for rarely accessed archives.
- Software-defined storage
- Abstracting storage management into software, decoupled from the underlying hardware, as SDN does for networks.
- CDN (Content Delivery Network)
- Geographically distributed servers that cache content close to users to cut latency and reduce origin load.
- Redundancy
- Duplicating critical components so the failure of one does not cause an outage.
- High availability
- Designing systems to stay operational with minimal downtime, often through redundancy and zones.
- Disaster recovery (DR)
- The plan and resources to restore systems and data after a major disruption.
- RPO (Recovery Point Objective)
- The maximum amount of data, measured in time, you can afford to lose in an incident; it sets backup frequency. Looks backward.
- RTO (Recovery Time Objective)
- The maximum acceptable downtime to restore service after an incident; driven by recovery speed. Looks forward.
- Current and future requirements
- Defining what the business needs now and will need later, a key input to a cloud assessment.
- Baseline (assessment)
- A snapshot of current performance and cost used as a reference point for a cloud assessment.
- Feasibility study
- An assessment of whether a cloud project is practical and worth pursuing.
- Gap analysis
- A comparison of the current state to the desired future state to identify business and technical gaps to close.
- Benchmarks
- Standard reference measurements used to compare options or judge performance during an assessment.
- Key stakeholders
- The people with an interest in or influence over a cloud project, identified early in an assessment.
- Point of contact
- The designated person responsible for communication on a cloud project or vendor relationship.
- CapEx (Capital Expenditure)
- A large up-front purchase of assets like servers, depreciated over years; fixed and predictable.
- OpEx (Operating Expenditure)
- Ongoing, pay-as-you-go costs expensed as incurred; variable and usage-based. Cloud shifts spending from CapEx to OpEx.
- CapEx → OpEx shift
- The core financial argument for the cloud: replace big up-front asset purchases with ongoing pay-as-you-go spend.
- Variable vs. fixed cost
- Variable cost changes with usage (typical of cloud); fixed cost stays constant regardless of usage.
- TCO (Total Cost of Ownership)
- The full cost of a solution over its life, including hidden and indirect costs, used to compare options.
- ROI (Return on Investment)
- The financial benefit of a project relative to its cost.
- Billing (cloud)
- The metering and invoicing of consumed cloud resources, often itemized by service and usage.
- RFI (Request for Information)
- A document that gathers general information about vendors and their capabilities.
- BYOL (Bring Your Own License)
- Reusing software licenses you already own when moving a workload to the cloud, avoiding paying twice.
- Subscription licensing
- Paying a recurring fee (per user or per period) that bundles the software license into the cloud cost.
- Human capital
- The people side of cloud adoption — training and professional development to build needed skills.
- SOW (Statement of Work)
- A document detailing the specific deliverables and tasks a vendor will provide.
- SLA (Service Level Agreement)
- A contract defining the expected level of service — uptime, performance, support — and the remedies if it is missed.
- Professional services
- Vendor-provided expertise (time to market, skill availability, support, managed services) that supports cloud adoption.
- Managed services
- Outsourcing the operation and maintenance of cloud resources to a provider (MSP).
- Proof of concept (PoC)
- A small experiment that tests whether an idea or technology can work at all.
- Proof of value (PoV)
- A demonstration that a solution delivers measurable business benefit.
- Pilot
- A limited, real-world deployment to a subset of users that validates a solution before full rollout.
- Success criteria
- The defined, measurable conditions a pilot or evaluation must meet to be judged successful.
- Open-source vs. proprietary
- Open-source software is freely available and modifiable; proprietary software is owned and licensed by a vendor.
- Identity access management (IAM)
- Managing who can access what in the cloud, using controls like SSO, MFA, and federation.
- Single sign-on (SSO)
- Authenticating once to gain access to multiple applications.
- Multifactor authentication (MFA)
- Requiring two or more verification factors (something you know, have, or are) to grant access.
- Federation
- Linking a user's identity across multiple systems or organizations so one login works across trust boundaries.
- Microservices
- Breaking an application into small, independent services that each do one job and communicate over APIs.
- Containerization
- Packaging an app with its dependencies into a lightweight, portable container that runs the same way anywhere.
- Machine learning (ML)
- A data-analytics technique where systems learn patterns from data to make predictions without explicit programming.
- Artificial intelligence (AI)
- Systems that perform tasks normally requiring human intelligence; a cloud-enabled data-analytics capability.
- Big data
- Extremely large or complex data sets that the cloud can store and analyze cost-effectively.
- IoT (Internet of Things)
- A network of connected devices and sensors that generate and exchange data, often processed in the cloud.
- Blockchain
- A distributed, tamper-evident ledger of records shared across a network; a cloud-supported solution.
- VDI (Virtual Desktop Infrastructure)
- Hosting user desktops on cloud servers and streaming them to thin clients or devices.
- Lift and shift (rehost)
- Migrating an application to the cloud largely unchanged — fast and low-effort, but not cloud-native.
- Rip and replace
- Rebuilding or swapping an application for a cloud-native or SaaS solution — high effort, biggest long-term payoff.
- Phased migration
- Moving workloads to the cloud in stages to limit risk and disruption.
- Hybrid migration
- Keeping some workloads on-premises while moving others to the cloud.
- Replication
- Copying data across locations or systems for redundancy, performance, or availability.
- Data locality
- Where data is physically stored, which affects performance, cost, and compliance.
- Backup
- Creating recoverable copies of data to protect against loss.
- Disposable resources
- Cloud resources that can be spun up and torn down on demand, treated as temporary.
- Zones (availability zones)
- Isolated locations within a cloud region used to build redundancy and high availability.
- Geo-redundancy
- Replicating resources across geographically separate locations to survive a regional failure.
- Monitoring and visibility
- Continuously observing cloud resources through alerts and logging to detect issues and inform decisions.
- Alerts
- Automated notifications triggered when a monitored metric crosses a threshold.
- Logging
- Recording events and activity in cloud systems for troubleshooting, audit, and security.
- Auto-scaling
- Automatically adjusting the number of running resources to match demand, protecting performance and cost.
- Right-sizing
- Matching each resource's type and size to its actual workload to avoid paying for over-provisioned capacity.
- Optimization (cloud)
- Tuning cloud resources — via auto-scaling and right-sizing — to balance performance against cost.
- Infrastructure as code (IaC)
- Defining and provisioning infrastructure through version-controlled template files instead of manual setup.
- Templates (IaC)
- Reusable, machine-readable definitions of infrastructure used to provision resources consistently.
- CI/CD (Continuous Integration/Continuous Delivery)
- Automating the build, test, and release of software to deliver changes quickly and reliably.
- Sandboxing
- Running code or tests in an isolated environment so they cannot affect production.
- Load testing
- Testing how a system performs under expected and peak traffic.
- Regression testing
- Re-testing after changes to confirm existing functionality still works.
- Orchestration
- The automated coordination of multiple tasks and services into a single managed workflow.
- Automation
- Performing a single task without manual intervention; orchestration strings many automated tasks together.
- Configuration management
- Maintaining systems in a known, consistent state through orchestration, automation, and patching.
- Upgrades and patching
- Applying software updates and security fixes to keep cloud systems current and secure.
- API integration
- Connecting cloud services and applications programmatically through application programming interfaces.
- DevOps
- A culture and practice uniting development and operations to deliver software faster and more reliably.
- Reserved instance
- Capacity committed for a 1- or 3-year term in exchange for a discount; best for steady, predictable workloads.
- Spot instance
- A provider's spare capacity offered at a deep discount but reclaimable at short notice; best for interruptible jobs.
- Chargeback
- Billing each department or project for the cloud resources it actually consumes, driving accountability.
- Resource tagging
- Attaching metadata labels (owner, environment, cost center) to resources for tracking and cost allocation.
- Licensing type and quantity
- Tracking what licenses are used and how many, to avoid over- or under-licensing risk.
- Maintenance (cloud spend)
- Ongoing operational costs to keep cloud resources running, reviewed as part of financial expenditures.
- Risk assessment
- Identifying and evaluating risks, including asset inventory, classification, and ownership.
- Asset inventory
- A catalog of an organization's assets, used as the starting point for risk assessment.
- Mitigation
- A risk response that reduces the probability or impact of a risk (e.g., encryption, redundancy).
- Acceptance (risk)
- A risk response that acknowledges a risk and takes no further action, often when treating it costs more than the impact.
- Avoidance (risk)
- A risk response that eliminates the risk by not engaging in the activity that causes it.
- Transfer (risk)
- A risk response that shifts the impact to a third party, such as insurance or a contractual clause.
- Risk register
- A document recording identified risks with their findings, owner, response, and status.
- Vendor lock-in
- The difficulty and cost of moving off a cloud provider once you depend on its proprietary services and formats.
- Data portability
- The ability to export your data in a usable, standard format so you can switch providers; counters vendor lock-in.
- Standard operating procedure (SOP)
- A documented, repeatable process for performing a task consistently.
- Change management
- A controlled process for reviewing, approving, and implementing changes to systems.
- Incident response
- The planned process for detecting, containing, and recovering from a security incident.
- Access and control policies
- Rules that define who may access which resources and under what conditions.
- Data sovereignty
- The principle that data is subject to the laws of the country where it is physically stored.
- Regulatory concerns
- Laws such as GDPR or HIPAA that govern how data must be handled in the cloud.
- Industry-based requirements
- Sector-specific rules, such as PCI DSS for payment card data, that a cloud deployment must meet.
- International standards
- Frameworks like ISO standards that provide consistent, recognized requirements across borders.
- Certifications (compliance)
- Independent attestations that a provider meets a given standard, used to prove compliance.
- Threat
- A potential event or actor that could exploit a vulnerability to cause harm.
- Vulnerability
- A weakness in a system that could be exploited, such as unpatched software or a misconfiguration.
- Penetration testing
- An authorized simulated attack used to find exploitable security weaknesses.
- Vulnerability scanning
- Automated scanning that detects known weaknesses in systems and configurations.
- Application scanning
- Testing applications for security flaws such as injection or misconfiguration.
- CIA triad
- The core information-security goals: Confidentiality, Integrity, and Availability.
- Confidentiality (encryption)
- Keeping data secret from unauthorized parties, protected with encryption and sanitization.
- Integrity (validation)
- Ensuring data is accurate and unaltered, protected with validation controls.
- Encryption
- Encoding data so only authorized parties with the key can read it; protects confidentiality.
- Sanitization
- Securely removing data from media so it cannot be recovered.
- Data classification (Public/Private/Sensitive)
- Labeling data by sensitivity so the right controls and handling are applied.
- Least privilege
- Granting each user or process only the minimum access it needs, and nothing more.
- Authorization
- Determining what an authenticated user is allowed to do.
- Hardening
- Reducing a system's attack surface by removing unnecessary services and applying secure configurations.
- Audit (security)
- A review of access, configurations, and activity to verify security and compliance.
- CASB (Cloud Access Security Broker)
- A control point that enforces security policy between users and cloud services.
- Breach
- An incident in which data is accessed, disclosed, or stolen without authorization.
- DDoS (Distributed Denial of Service)
- An attack that floods a service with traffic from many sources to make it unavailable.