<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

We're blowing the whistle on Legacy PAM 🏀 Join us for an Access Madness Webinar on March 28

Search
Close icon
Search bar icon

Infrastructure Access | Glossary of Terms

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

The way companies look at infrastructure access is changing. With so many data sources and types of information, ever-changing regulatory requirements, and the need to scale up or down quickly, even the terms we use to describe infrastructure have changed.

To help you keep up with it all, this glossary contains definitions for infrastructure access terms you’ll hear as you work to manage access for your organization.

Access as code: The practice of managing and provisioning all aspects of infrastructure access via automated processes and centralized management, across any technology type.

Attribute-Based Access Control (ABAC): A runtime decision-making strategy for what features and/or data a user can access based on policies and user attributes.

Auditing: Official inspection of IT infrastructure, policies, and programs to identify areas of improvement.

Audit Log: A document that records what is happening within an IT system.

Audit Trail: A formal record of transactions within an IT system.

Authorization (Authz): A system or application process that makes a runtime decision as to whether a user can perform a certain function or access data.

Authentication (Authn): The process of verifying a user’s identity, such as through a username/password combination.

Bastion Host: A computer that is purposely exposed on a public network. It’s placed outside the firewall and filters incoming traffic to prevent attacks.

Cloud Access Security Broker (CASB): Software or hardware that is either hosted in the cloud or on-premises. It adds a layer of security between users and cloud service providers and often overlaps with secure web gateway (SWG) functionality.

Compliance: The state of adhering to specific guidelines, such as those from a government agency.

Data Governance: How organizations manage enterprise system availability, integrity, usability, and security, based on internal standards and any external requirements.

DevSecOps: A management approach that combines application development, security, and operations teams, along with infrastructure as a code, to create an automated, continuous delivery cycle for enterprise applications.

Firewall-as-a-Service (FWaaS): A centralized firewall service provided by a vendor that consolidates traffic headed to all enterprise locations, including mobile users and cloud services, and implements a security policy.

Identity-as-a-Service (IDaaS): An identity and access management (IAM) solution delivered in a cloud-based service that is hosted by a trusted third party.

Identity and Access Management (IAM): Business processes, policies, and technology that help companies manage digital identities. These include single sign-on systems, multi-factor authentication, and privilege management.

Identity Aware Proxy (IAP): A Google Cloud Platform service that can authenticate users and provide secure access to specific applications.

Identity Governance and Administration (IGA): Policies for identity management and access control that go beyond traditional IAM tools. It enables and secures digital identities for all users, applications, and databases.

Identity provider (IdP): Part of a system that gives an end user or connected device a set of login credentials for platforms, applications, and networks.

Infrastructure Access: The ability to connect to a system in your infrastructure, such as a database or connecting to a server.

Infrastructure Access Platform: A single solution that combines authentication, authorization, networking, and observability. This lets organizations centrally manage and automate infrastructure access securely.

Infrastructure as Code (IaC): An IT practice that treats underlying IT infrastructure as software.

Just-in-Time (JIT) Access: A methodology that provides real-time, granular access to applications or systems so that users can perform necessary actions.

Logging: The act of creating a log file that time-stamps each action or event in a particular system.

Observability: The ability to measure the internal state of a system by tracking the system’s external outputs.

Points of Presence (POPs): Access points to systems.

Principle of Least Privilege (PoLP): A computer security concept that limits access rights for users, accounts, and computing processes to give them the bare minimum they need to complete a task or job.

Privileged Access Management (PAM): Tools and technology used to secure, control, and monitor how an organization’s critical infrastructure and resources are accessed.

Privileged Account Management (also PAM): A term used to refer to privileged access management that focuses on granting access to existing accounts.

Privileged Identity Management (PIM): A term used to refer to privileged access management that implies only the identities of privileged accounts are being managed. (Recommended reading: PIM vs. PAM)

Privileged Session Management (PSM): A term that refers to privileged access management but only focuses on launching and recording login sessions.

Proxy: An intermediary between users, applications, systems, and other resources.

Role-Based Access Control (RBAC): A method of managing entitlements by granting privileges to users by creating roles and attaching users to those roles, instead of directly.

Secure Access Service Edge (SASE): A cloud architecture that delivers network and security as a single cloud service.

Secure Shell (SSH): A network protocol that lets users access computers securely over an unsecured network.

Secure Web Gateway (SWG): A security device that protects internal networks from unsecured internet traffic.

Single Sign-On (SSO): A service that lets users authenticate with a single login for multiple systems.

SOC 2 Compliance: The state of adhering to the System and Organization Control 2 (SOC 2) standard set by the American Institute of CPAs (AICPA).

Software-defined network (SDN): An architecture that abstracts network layers into distinguishable components (application layer, control layer, infrastructure layer, and APIs) so that enterprises can better control their networks.

Software-defined networking in a wide area network (SD-WAN): A technology that uses SDN concepts to distribute network traffic across a wide-area network (WAN).

Virtual Private Network (VPN): A service that creates a “tunnel” for safe, secure network connections.

Zero Trust: A security model that assumes all users are already compromised. Every user or device must re-authenticate every time they log in.

Zero Trust Network Access (ZTNA): Part of the zero trust model that hides the IP address while requiring identity-based authentication to provide network access.

Zero Standing Privileges (ZSP): A term coined by analyst firm Gartner to describe the state of having the least amount of privileges necessary to access systems and networks, using just-in-time access.

Zombie Credentials: Active accounts that are no longer used and can open the door to malicious actors.

Want to learn more terms? Check out our Cybersecurity Glossary


About the Author

, Dynamic Access Management platform, StrongDM puts people first by giving technical staff a direct route to the critical infrastructure they need to be their most productive.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Financial Services Cybersecurity Guide: Risks & Solutions
Financial Services Cybersecurity Guide: Risks & Solutions
Financial services companies handle a vast amount of sensitive data, including the personal and financial information of their customers. This makes them a prime target for hackers and cybercriminals who want to steal that data. Hackers are constantly finding new ways to break through the walls of enterprise environments. If successful, they can cause serious problems like identity theft or fake transactions, impacting individuals and companies financially.
13 Password Management Best Practices
13 Password Management Best Practices to Know in 2024
Weak passwords are the third most common attack vector for malicious actors — and often the most difficult for enterprises to control since individual employees typically choose their own passwords. Effectively managing passwords is critical in safeguarding your organization’s assets, maintaining regulatory compliance, and minimizing security risks. In this article, we’ll share 13 password management best practices that will help you keep your systems and data safe from password-related attacks.
Context-Based Access Controls: Challenges, Importance & More
Context-Based Access Controls: Challenges, Importance & More
Context-based access controls refer to a dynamic and adaptive approach to managing security policies in modern infrastructure. Addressing challenges in enforcing consistent security across diverse platforms, these policies consider factors such as device posture and geo-location to adjust access controls dynamically. By narrowing access based on contextual parameters, they reduce the attack surface, enhance security, and streamline policy administration, ensuring compliance in evolving environments.
Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) is the systematic control and oversight of vendor access to an organization's systems, applications, and data. It involves processes such as onboarding and offboarding vendors, utilizing solutions for Just-in-Time access, ensuring security, and streamlining workflows to minimize operational inefficiencies.
What Is Fine-Grained Access Control? Challenges, Benefits & More
What Is Fine-Grained Access Control? Challenges, Benefits & More
Fine-grained access control systems determine a user’s access rights—to infrastructure, data, or resources, for example—once past initial authentication. Unlike coarse-grained access control (CGAC), which relies on a single factor, such as role, to grant access, FGAC relies on multiple factors. For example, it may consider policies (policy-based access control, or PBAC), attributes (attribute-based access control, or RBAC), or a user’s behavior in a certain context (behavior-based access control, or BBAC).