Reference guide to key terms in cloud technologies, cybersecurity, DevOps and IT infrastructure. Click a term to see related articles.
Artificial Intelligence — machine learning and neural network technologies for automation and analytics.
Azure Kubernetes Service — Microsoft managed service for running Kubernetes without manual cluster management.
A Red Hat automation tool for configuration management, application deployment and IT process orchestration. Uses YAML playbooks and requires no agents on managed machines.
A Ukrainian IT expert who has been working in the country’s IT industry since the mid-1990s. Anton Marrero holds a профиль-related higher education degree, having graduated from the Kyiv Polytechnic Institute and the International Institute of Management (MIM). After completing his studies, Anton co-founded the company Softline together with like-minded partners, where he actively developed his professional skills and participated in numerous IT projects. Currently, Mr. Marrero continues to realize his professional potential and leverages his extensive experience to contribute to the development of Intecracy Group as a member of its Supervisory Board. Anton Marrero is also actively involved in professional IT community events in Ukraine, where he shares his experience and knowledge with younger generations of professionals.
Application Programming Interface — a set of protocols and tools for integrating applications with each other. REST API, GraphQL and gRPC are the most common types. The foundation of modern microservices architecture.
A continuous delivery tool for Kubernetes implementing the GitOps approach. Monitors repository state and automatically syncs cluster configuration with the Git description.
IT process automation: CI/CD, orchestration, workflows. Reduces errors and accelerates delivery.
Amazon Web Services — Amazon leading cloud platform: compute, storage, databases, AI and IoT.
AWS cost optimization strategies: Reserved Instances, Savings Plans, spot instances.
Microsoft Azure — cloud platform for building and managing applications through a global datacenter network.
A Microsoft service for managing hybrid and multi-cloud infrastructure from a single Azure portal. Allows applying Azure policies to servers, Kubernetes clusters and databases in any environment.
Azure tools for monitoring and optimizing cloud costs: Cost Management, Advisor.
Azure disaster recovery service for VM replication and failover between regions or from on-premises.
Microsoft's hyperconverged infrastructure allowing Azure services to run on local hardware. An ideal hybrid cloud solution with Azure Arc support.
Azure virtual desktop service. Full Windows desktop accessible from any device.
Capital Expenditure — upfront spending on servers, network equipment and licenses. In the cloud model, CAPEX shifts to OPEX — subscription-based payment.
Continuous Integration / Continuous Delivery — the practice of automated code building, testing and delivery. CI verifies changes after each commit, CD automatically deploys tested code to production.
Cisco Systems — a global leader in networking, security and communications for enterprise networks.
Cisco's cloud-managed networking platform for managing Wi-Fi, switches, routers and cameras from a single dashboard. Ideal for distributed offices and retail.
Designing IT systems with cloud services in mind: selecting components, connections between them, security policies and scaling. Proper architecture is the foundation of reliable and cost-effective cloud infrastructure.
Reducing cloud resource costs without performance loss: rightsizing, reserved capacity.
Cloud financial management: budgeting, forecasting, cost allocation.
The process of moving IT infrastructure and applications from on-premises to the cloud.
The process of moving IT infrastructure, applications and data from on-premises servers to a cloud environment. Includes planning, compatibility assessment, actual transfer and optimization.
Cloud services — IT resources over the internet on pay-per-use model (IaaS, PaaS, SaaS).
A strategy where new IT solutions are first considered for cloud deployment.
A software development approach that fully leverages cloud computing: microservices, containers, CI/CD, autoscaling. Applications are designed for the cloud from day one.
IT system adherence to regulatory requirements and standards: GDPR, ISO 27001, SOC 2, PCI DSS. Cloud providers offer compliance certifications, but responsibility is shared between provider and customer.
A technology for isolating applications in containers — lightweight, portable environments containing code, dependencies and configuration. Ensures consistent application behavior across any environment.
Technology for packaging applications into containers for portability and consistent behavior.
Lightweight isolated environments for running applications with all dependencies and portability.
Microsoft AI assistant integrated into Microsoft 365 and Azure for automating routine tasks.
IT cost optimization: analysis, rightsizing, automation, transition to OPEX model.
An AI-powered cybersecurity platform for protecting endpoints, cloud workloads and identities. Falcon is their flagship EDR/XDR product.
Practices and technologies for protecting IT systems, networks and data from cyber threats.
A culture and set of practices uniting development (Dev) and operations (Ops) to shorten the software release cycle. Includes CI/CD, IaC, monitoring and automation.
DevOps automation: CI/CD pipelines, IaC, automated testing, deployment and monitoring.
A plan and procedures for restoring IT systems after failures, disasters or cyberattacks. Defined by RPO and RTO metrics. Can be implemented via DRaaS in the cloud.
Data Loss Prevention — technologies and policies preventing confidential data leakage outside the organization. Controls file movement via email, cloud storage, USB devices, etc.
Domain Name System — converts domain names (google.com) into IP addresses. A critical network infrastructure component and attack vector (DNS spoofing, DNS tunneling).
A platform for building, deploying and running applications in containers. A Docker container includes code, dependencies and configuration, ensuring consistent operation on any server.
Disaster Recovery as a Service — a cloud service providing server and data replication to a backup datacenter with automatic failover during outages.
Endpoint Detection and Response — a technology for monitoring and responding to threats on endpoints (workstations, servers). Detects suspicious behavior and allows rapid isolation of compromised machines.
Microsoft Entra ID (formerly Azure AD) — a cloud identity and access service. Provides SSO, MFA, conditional access and identity management for Microsoft 365 and thousands of SaaS applications.
Financial management of cloud spending — a practice uniting IT, finance and business to optimize cloud costs. Includes monitoring, forecasting, rightsizing and governance.
FinOps practices: resource tagging, rightsizing, budgets, Reserved Instances, governance.
An operational model where a Git repository is the single source of truth for infrastructure and configuration. Changes are made via pull requests and the system automatically syncs cluster state.
The ability of a system to operate continuously with minimal downtime. Achieved through redundancy, load balancing and geographic distribution. Measured in "nines": 99.9%, 99.99%, etc.
IT architecture combining on-premises with public cloud for balance of control and flexibility.
An IT architecture combining on-premises infrastructure with a public cloud. Data and workloads move between environments based on security, performance and cost requirements.
Infrastructure as a Service — a cloud model where a provider supplies virtual servers, networks, and storage. Instead of buying physical hardware, you rent resources and pay for actual consumption.
Infrastructure as Code — managing IT infrastructure through code instead of manual configuration. Code is stored in Git, versioned, tested and automatically applied. Tools: Terraform, Ansible, Pulumi.
Managing IT infrastructure through code. Tools: Terraform, Ansible, Pulumi.
Microsoft Intune — a cloud platform for mobile device management (MDM) and mobile application management (MAM). Controls corporate and BYOD devices from a single console.
The totality of hardware, software, networks and services supporting organization IT systems.
Long-term IT development plan aligned with business goals: technology, budget, roadmap.
An open-source container orchestration system for automating deployment, scaling and management of containerized applications. The de facto standard for cloud-native infrastructure.
A migration strategy where applications are moved to the cloud without code or architecture changes. The fastest migration method, but does not leverage cloud advantages optimally.
A component that distributes network traffic across multiple servers to ensure high availability and performance. Can be hardware or cloud-based (Azure Load Balancer, AWS ALB).
Outsourcing management of part or all of IT infrastructure to an external provider. Includes monitoring, support, updates and 24/7 incident response.
Multi-Factor Authentication — requires two or more methods of identity verification: password + SMS code, biometrics, hardware key, etc. A critical element of Zero Trust.
Dividing a network into isolated security zones at individual workload level. Limits lateral movement of an attacker in case of a breach. A key element of Zero Trust.
Architecture of small independent services, each responsible for a single business function.
Microsoft's cloud productivity suite: Word, Excel, PowerPoint, Teams, Outlook, SharePoint, OneDrive. Includes cloud security, device management and compliance tools.
Microsoft's AI assistant integrated into Microsoft 365, Windows, Edge and Azure. Uses large language models to automate routine tasks, generate text, analyze data and code.
Microsoft's security product line: Defender for Endpoint (EDR), Defender for Cloud, Defender for Identity, Defender for Office 365. Provides comprehensive protection for cloud and hybrid infrastructure.
A cloud-native SIEM system by Microsoft built on Azure. Collects logs from across the infrastructure, uses AI for threat detection and automates response via SOAR playbooks.
Continuous observation of IT system status: availability, performance, errors, resource usage. Tools: Prometheus, Grafana, Datadog, Azure Monitor. The foundation of proactive infrastructure management.
Continuous IT system observation: availability, performance, errors, resource usage.
Multiprotocol Label Switching — a traffic routing technology using pre-defined label-switched paths. Provides high speed and QoS but costs more than SD-WAN.
A strategy of using cloud services from two or more providers simultaneously (e.g. Azure + AWS). Helps avoid vendor lock-in, optimize costs and improve fault tolerance.
Designing and maintaining corporate networks: LAN, WAN, SD-WAN, Wi-Fi.
Next-Generation Firewall — with deep packet inspection, IPS, application control and cloud threat intelligence integration. Examples: Cisco Firepower, Palo Alto, Fortinet.
Network Operations Center — 24/7 monitoring and support facility for IT infrastructure.
Local IT infrastructure hosted on a company's own servers in a server room or datacenter. An alternative to cloud with full control but also full responsibility.
Operational Expenditure — ongoing costs for cloud services, subscriptions and support. Shifting from CAPEX to OPEX is one of the key advantages of the cloud model.
Automated coordination of multiple IT processes or containers to ensure smooth system operation. Kubernetes is the most widely used container orchestrator.
Outsourcing IT functions to an external provider to reduce costs and focus on core business.
Platform as a Service — a cloud platform providing an environment for developing, testing and deploying applications without managing the underlying infrastructure. Examples: Azure App Service, Google App Engine.
A controlled simulated cyberattack on IT infrastructure to identify vulnerabilities before attackers exploit them. Can be external, internal or social engineering based.
A cloud environment dedicated to a single organization. Can be hosted in own datacenter or at a provider. Provides full data control and regulatory compliance.
Cloud infrastructure owned by a provider and offered to multiple customers over the internet. Resources are shared among users, reducing costs. Major providers: Azure, AWS, GCP.
Malicious software that encrypts victim data and demands a ransom for the decryption key. One of the biggest threats to business. Protection: backup, EDR, network segmentation, staff training.
Full productivity outside the office via VDI, VPN, Microsoft 365.
The process of optimizing cloud resources — selecting the right type and size of VMs, storage and services to match actual workload. A key FinOps practice.
Recovery Point Objective — the maximum acceptable data loss in case of a disaster, expressed in time. RPO = 1 hour means the business can lose no more than one hour of data.
RPO and RTO — disaster recovery metrics: acceptable data loss and downtime.
Recovery Time Objective — the maximum acceptable system downtime after a disaster. RTO = 4 hours means systems must be restored within four hours.
Software as a Service — a model for delivering software over the internet via subscription. Users access ready-made applications without installation. Examples: Microsoft 365, Salesforce, Google Workspace.
Secure Access Service Edge — a cloud model unifying network security (ZTNA, SWG, CASB, FWaaS) and SD-WAN into a single platform. Ensures secure resource access from any location.
Software-Defined Wide Area Network — replaces or supplements MPLS. Intelligently routes traffic between branches across multiple links (internet, LTE, MPLS).
A cloud computing model where the provider automatically manages server infrastructure. Developers write only function code, and the cloud scales and executes on demand. Examples: Azure Functions, AWS Lambda.
Microsoft cloud platform for collaboration and document management in Microsoft 365.
Security Information and Event Management — a system for collecting, analyzing and correlating security logs from across the infrastructure in real time. Helps detect threats and incidents. Examples: Microsoft Sentinel, Splunk.
Service Level Agreement — a contract between provider and customer defining guaranteed availability (e.g. 99.9%), incident response times and penalties.
Security Operations Center — a cybersecurity monitoring center that tracks threats 24/7, analyzes incidents and coordinates response. Can be internal or outsourced (SOC-as-a-Service).
Cisco's data analytics and SIEM platform for monitoring, searching and visualizing machine data in real time. Widely used in SOC for security log analysis.
Total Cost of Ownership — the full cost of an IT solution including acquisition, implementation, maintenance, training and decommissioning. A key metric when choosing between on-premises and cloud.
An Infrastructure as Code tool by HashiCorp for describing and automatically deploying cloud infrastructure via declarative configurations. Supports Azure, AWS, GCP and dozens of other providers.
A global cybersecurity solutions provider: endpoint, server, cloud and email protection. Vision One is their XDR platform with AI analytics.
Virtual Desktop Infrastructure — virtual desktops on a server accessible from any device.
A backup and recovery platform for virtual, physical and cloud environments. A leader in backup for VMware, Hyper-V, AWS, Azure and Microsoft 365.
Broadcom's (formerly VMware) leading virtualization platform for creating and managing virtual machines. Includes ESXi hypervisor and vCenter Server for centralized management.
Virtual Private Network — an encrypted tunnel between a device and the corporate network over the public internet. Provides secure remote access but is gradually being replaced by ZTNA within Zero Trust.
Web Application Firewall — filters HTTP traffic and protects against SQL injection, XSS, application-level DDoS attacks. Deployed in front of the web server.
Microsoft Cloud PC: Windows in the cloud with fixed pricing, accessible from any device.
Extended Detection and Response — advanced threat detection combining data from endpoints, networks, cloud and email into a single platform for correlation and automated response.
A security model where no user or device is trusted by default, even inside the corporate network. Every request is verified and authorized independently.
Zero Trust Network Access — a secure remote access approach replacing VPN. Grants access only to specific applications after verifying identity and device posture, not the entire network.
Our engineers will help you find the optimal solution for your infrastructure.
Contact us