Glossary

Access Control (AC): The process of regulating who can access what resources within a system or application.

API (Application Programming Interface): A set of instructions that allows applications to communicate with each other.

Authentication: The process of verifying a user's identity before granting access to a system or application.

Authorization: The process of determining what actions a user is allowed to perform after their identity has been verified.

Cloud Security: The practices and technologies used to protect data, applications, and infrastructure in the cloud.

Compliance: Adherence to a set of industry standards or regulations.

Data Breach: An incident where unauthorized access to sensitive data occurs.

Encryption: The process of transforming data into a scrambled format that can only be read by authorized users.

Horizontal SaaS (HaaS): Cloud-based applications that address general business needs across various departments or functions, such as CRM, marketing automation, or HR software.

Identity and Access Management (IAM): A framework for managing user identities and access controls.

Least Privilege: The security principle of granting users only the minimum permissions necessary to perform their job duties.

Multi-Factor Authentication (MFA): An authentication method that requires two or more verification factors to access a system or application.

OAuth: An open-standard authorization framework that allows users to grant third-party applications access to their data on another service.

Onboarding: The process of integrating new users or applications into a system or platform. In the context of SaaS, this refers to getting users set up with access and familiar with the application.

Risk Management: The process of identifying, assessing, and mitigating security risks.

SaaS (Software as a Service): A cloud-based software delivery model where applications are hosted by a provider and accessed over the internet.

Security Posture: The overall security state of an organization's IT infrastructure, including its cloud environment.

Security Misconfiguration: An incorrect or insecure configuration of a security setting or system.

Single Sign-On (SSO): An authentication method that allows users to access multiple applications with a single login.

Threat Actor: An individual or group that attempts to gain unauthorized access to a system or network.

Third-Party Application: A software application developed by a company outside of your organization.

User Provisioning: The process of creating and managing user accounts in a system or application.

Vertical SaaS (VaaS): Cloud-based applications designed to meet the specific needs of a particular industry or department, such as healthcare software for hospitals or legal practice management software for law firms.

Vulnerability: A weakness in a system or application that can be exploited by attackers.
