Identity and Access Management (IAM, IDaaS, SSO, etc.)
IAM - Identity & Access Management
A set of policies, processes and technologies that allow you to create, manage and control the digital identities of users and regulate their access to resources, applications and corporate systems. It includes authentication, authorization, credential management and auditing to ensure that only authorized users can access the correct resources.
IDaaS - Identity as a Service
IDaaS is a cloud service that provides identity and access management (IAM) capabilities without the need for on-premises infrastructure. It provides authentication, authorization, Single Sign-On (SSO), password management and user provisioning in a scalable and centralized way, integrating with cloud and on-premises applications.
SSO - Single Sign-On
SSO is an authentication technology that allows users to access multiple applications or systems with a single initial authentication, eliminating the need to log in separately for each service. It improves security and usability by reducing the management of multiple passwords and facilitating access control.
PAM - Privileged Access Management
PAM is a technology and a set of practices for managing and controlling access of users with elevated privileges (administrators, superusers) to critical systems. It includes strong authentication, credential management, session monitoring and activity auditing to prevent abuse and breaches.
PIM - Privileged Identity Management
PIM is a system that allows you to manage, monitor and control access of users with elevated privileges (system administrators, superusers, etc.). It includes features such as temporary privilege granting, activity logging, access auditing, and privileged password management. The goal is to reduce the risks associated with abuse of privileged accounts and improve overall security.
CIAM - Customer Identity and Access Management
CIAM is a specialized identity and access management solution dedicated to external users, i.e., customers of a company. It includes features such as self-service registration, secure authentication (often with MFA), consent and privacy management, personalization of the user experience, and compliance with regulations such as GDPR. CIAM allows companies to offer secure, seamless, and scalable access to their digital services.
IGA - Identity Governance and Administration
IGA is a set of processes, technologies, and policies that allow you to manage and control digital identities and related access within an organization. It includes activities such as creating, modifying, and deactivating user accounts, role management, periodic review of access (access certification), and regulatory compliance. IGA solutions help ensure that users have only the necessary permissions, reducing the risk of unauthorized access.
ISPM - Identity Security Posture Management
ISPM is a discipline and set of technologies that monitor, analyze and improve the security posture of digital identities within an organization. It focuses on the continuous assessment of risks associated with user accounts, privileges, access configurations and security policies, to identify vulnerabilities, anomalous behaviors or exposures that could be exploited by attackers. ISPM helps keep the identity ecosystem secure, compliant and resilient.
ITDR - Identity Threat Detection & Response
ITDR is a discipline and technology focused on monitoring, detecting and responding to attacks and threats involving digital identities. It includes analyzing anomalous user behavior, detecting suspicious logins, attempted compromises of privileged accounts and managing access incidents. The goal is to protect identity as a critical point of security and respond quickly to any threat that could compromise user credentials or privileges.
IDTR - Identity Detection & Response
IDTR is a strategy and technology dedicated to the detection and response to threats related to digital identity. It focuses on the continuous monitoring of identity-related activities, analyzing suspicious behaviors, anomalous accesses and potential compromises. The goal is to quickly identify attacks that exploit user credentials or privileges and respond automatically or manually to contain and mitigate the risk.
JIT - Just-In-Time (Access)
Just-In-Time (JIT) access is a security technique that grants privileges or access only when needed and for a limited time, reducing the window of exposure to attacks. Often used in conjunction with privileged management systems (PAM/PIM), JIT dynamically requests and approves elevated access only for the duration strictly necessary.
ABAC - Attribute-Based Access Control
ABAC is an access control model in which decisions are made based on attributes (or properties) of the user, resource, environment, and action. Attributes can include role, geographic location, time, risk level, device type, etc. This approach enables dynamic, granular, and contextual access management, ideal for Zero Trust environments.
RBAC - Role-Based Access Control
RBAC is an access control model in which permissions are assigned to specific roles within an organization, and users are granted those permissions based on the role to which they are assigned. This facilitates centralized management of authorizations, reducing errors and ensuring that users only have access to the resources necessary for their tasks.
IdP - Identity Provider
An Identity Provider (IdP) is a service that authenticates users and provides them with a verified digital identity used to access services and applications. It supports standard protocols such as SAML, OAuth and OpenID Connect, and provides authentication tokens or assertions to the service provider, enabling Single Sign-On (SSO) and centralized identity management.
IdP Proxy - Identity Provider Proxy
An IdP Proxy is a component that acts as an intermediary between a service provider (application or service) and an Identity Provider (IdP). It facilitates user authentication, simplifying integration with different identity systems and allowing authentication flows to be centralized and consolidated (e.g. SAML, OAuth, OpenID Connect). Often used to support single sign-on (SSO) and improve identity management in complex or multi-cloud environments.
Identity Broker
The Identity Broker is a component or service that acts as an intermediary between different Identity Providers (IdPs) and service providers (applications, services). It aggregates and manages various sources of identity, facilitating authentication and authorization through standard protocols such as SAML, OAuth or OpenID Connect. It allows users to use a single digital identity to access multiple resources, even if distributed on different systems or different clouds.
UAA - User Account and Authentication
UAA is a system that manages user authentication and authorization. It is often used as a component in cloud-native environments (e.g. Cloud Foundry) to manage identities, issue access tokens (OAuth2), manage permissions and connect to external Identity Providers. It supports Single Sign-On (SSO), identity federation, and fine-grained access controls.
EAM - Enterprise Access Management
EAM is a set of technologies and processes designed to manage, control and monitor user access to corporate resources (applications, systems, data). It focuses on the centralized management of access rights (entitlements) to ensure that only authorized users can access specific resources based on rules, roles or attributes. It is often integrated with IAM, PAM and security policies such as RBAC or ABAC.
SCIM - System for Cross-domain Identity Management
SCIM is an open standard protocol designed to facilitate the automation of identity management (creation, update, deletion of users) between different systems, such as corporate directories, cloud applications and IT services. It uses RESTful APIs and JSON/XML formats to quickly and securely synchronize user accounts between multiple platforms.
OIDC - OpenID Connect
OpenID Connect (OIDC) is an authentication protocol based on OAuth 2.0 that allows clients (apps or websites) to verify the user’s identity through an Identity Provider (IdP) and obtain information about the user (claims) in a secure way. OIDC simplifies the implementation of Single Sign-On (SSO) and supports modern authentication flows, including mobile and APIs.
OAuth - Open Authorization
OAuth is an open protocol that allows an application to obtain limited access to a user’s protected resources on another service, without sharing credentials (such as a password). It uses temporary access tokens to securely delegate permissions, widely used to authorize access to APIs, web and mobile apps.
WebAuthn - Web Authentication
WebAuthn is an authentication standard developed by the W3C and the FIDO Alliance that allows users to log in to websites and applications securely and without a password, using devices such as: fingerprints (biometrics); facial recognition; hardware security keys (e.g. YubiKey); PIN or device authentication. WebAuthn is based on public key authentication: upon registration, the user’s device creates a key pair (public/private) and sends only the public key to the server. During login, the user confirms his/her identity locally (e.g. with a fingerprint), and the device signs a challenge using the private key.
JWT - JSON Web Token
JWT is an open standard (RFC 7519) that defines a compact, self-contained format for securely transmitting information between parties as JSON objects. JWTs are digitally signed (using algorithms such as HMAC or RSA) to ensure integrity and, when encrypted as a JWE, confidentiality. They are widely used for authentication, authorization, and secure data exchange in web and API environments.
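An added example, not code from the original page: a minimal HS256 JWT signer and verifier using only the Python standard library. The verifier pins the expected algorithm rather than trusting the token's header, compares the MAC in constant time and enforces the exp claim; the secret is a constructed demo value.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real service loads it from a secret store.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ALG = "HS256"


def _b64url_encode(data: bytes) -> str:
    """Base64url without padding, as RFC 7519 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Restore the padding that the JWT encoding strips before decoding."""
    padded = text + "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(padded.encode("ascii"))


def sign_jwt(claims: dict, secret: bytes, lifetime_s: int = 300,
             now: Optional[int] = None) -> str:
    """Build base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    now = int(time.time()) if now is None else now
    header = {"alg": EXPECTED_ALG, "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + lifetime_s)
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        presented_sig = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    # The token must not choose the algorithm: only the pinned one is accepted.
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return None
    expected_sig = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(presented_sig, expected_sig):
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        return None
    return payload


if __name__ == "__main__":
    token = sign_jwt({"sub": "alice", "role": "reader"}, DEMO_SECRET)
    print(token)
    print(verify_jwt(token, DEMO_SECRET))
```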
BYOI - Bring Your Own Identity
BYOI is an authentication model that allows users to access digital services using existing identities provided by third parties, such as Google, Facebook, Apple, or other federated Identity Providers (IdPs). This approach simplifies onboarding, reduces credential management by companies, and improves user experience, while maintaining access control via standard protocols (e.g. OAuth, OIDC, SAML).
FS - Federated Services
Federated Services refers to a set of mechanisms that allow multiple domains or organizations to share user authentication and authorization in a secure and controlled way. Thanks to protocols such as SAML, OAuth and OIDC, a user can access third-party services using their origin credentials (Identity Provider). This is the basis of identity federation and integration between heterogeneous systems.
FIDO Alliance - Fast IDentity Online
The FIDO Alliance is an international industry organization founded in 2012 with the goal of eliminating the use of passwords and promoting strong, secure and easy-to-use authentication standards. The goal is to create an authentication ecosystem that is: more secure than traditional passwords; simpler for users; standardized and interoperable across devices and services. It pursues this through the development of open standards for two-factor authentication (2FA), passwordless authentication and biometric authentication. The main FIDO standards include: FIDO U2F (Universal 2nd Factor), authentication with physical keys (e.g. YubiKey); FIDO UAF (Universal Authentication Framework), biometric authentication (fingerprint, face); FIDO2, which combines WebAuthn (from W3C) and CTAP (Client to Authenticator Protocol) for passwordless login.
Network, Application, Zero Trust Access Security
ZTNA - Zero Trust Network Access
ZTNA is a secure access solution based on the “Zero Trust” principle: it never automatically trusts users or devices, even if they are already inside the corporate network. Access is granted only after verifying identity, device status and other contextual factors, applying precise policies for each session and resource.
CASB - Cloud Access Security Broker
The CASB is a control point located between users and cloud applications, designed to monitor and apply security policies when accessing cloud services (such as Google Workspace, Microsoft 365, Salesforce, etc.). It provides visibility into cloud traffic, data loss prevention (DLP), anomalous activity detection, encryption, and access control.
SWG - Secure Web Gateway
An SWG is a security solution that filters outgoing web traffic to prevent access to malicious or unauthorized content. It inspects HTTP/HTTPS requests, enforces corporate policies (such as blocking dangerous or inappropriate sites), detects malware, and protects against web-borne threats. It may include URL filtering, sandboxing, and Data Loss Prevention (DLP) capabilities.
FWaaS - Firewall as a Service
FWaaS is a fully managed, cloud-delivered firewall solution that provides protection at the network and application layers without the need for physical devices. It provides capabilities such as traffic filtering, application control, intrusion prevention (IPS), SSL/TLS inspection, and segmentation. In a SASE architecture, FWaaS enables consistent protection wherever users and devices are located.
SSE - Security Service Edge
SSE is a component of the broader SASE architecture that focuses exclusively on cloud security services, such as ZTNA, SWG, CASB, and Data Loss Prevention (DLP). It provides protection, visibility and control of Internet and cloud traffic, separating security functions from networking and offering secure and policy-based access regardless of user location.
SASE - Secure Access Service Edge
SASE is a cloud-native architecture that combines networking (such as SD-WAN) and security (such as ZTNA, SWG, CASB, FWaaS) functions in a single globally distributed platform. The goal is to provide secure and high-performance access to users, devices and applications wherever they are, reducing complexity and improving visibility and control.
DLP - Data Loss Prevention
DLP is a technology and security strategy designed to prevent the loss, leakage or theft of sensitive data, whether intentional or accidental. It works by monitoring and controlling data in transit, at rest and in use, and can block the unauthorized sending of sensitive information (e.g. email, upload, print, copy). It is often used to comply with regulations such as GDPR, HIPAA, PCI-DSS.
Browser Isolation
Browser Isolation is a security technology that physically or logically separates the web browsing process from the user’s device, rendering the pages in an isolated environment (cloud or local) and showing only a “safe copy” (e.g. a video stream) to the user. This way, any malware or malicious content on the website never reaches the user’s device.
Full-Path TLS Inspection
Full-Path TLS Inspection (or SSL Inspection) is a security technique that allows an intermediary system (e.g. a firewall, proxy, or SWG) to decrypt, analyze, and then re-encrypt HTTPS/TLS traffic between a client and a server. This allows for the detection of threats hidden in encrypted traffic, such as malware, phishing, or data leaks. The term “full-path” emphasizes that inspection occurs along the entire path, from source to destination, rather than just in partial segments.
Proactive DDoS Mitigation
Proactive DDoS Mitigation is a set of strategies and technologies that detect and block Distributed Denial of Service (DDoS) attacks before they can impact business services. Unlike reactive mitigation (which occurs after the attack has started), proactive protection uses real-time traffic analysis, machine learning, and pre-configured policies to automatically anticipate and mitigate anomalies while keeping applications and networks available.
CNAPP - Cloud-Native Application Protection Platform
CNAPP is a unified platform that provides visibility, security, and compliance for cloud-native applications throughout their lifecycle. It combines Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and container/Kubernetes security, offering integrated protection for code, infrastructure, and runtime. CNAPP helps detect vulnerabilities, misconfigurations, and active threats, also providing tools for automatic remediation.
CSPM - Cloud Security Posture Management
CSPM is a category of tools and practices designed to identify and remediate misconfigurations and vulnerabilities in cloud services (IaaS, PaaS, SaaS). It continuously monitors cloud environments for non-compliance with security policies, standards (e.g. NIST, CIS), and regulations (e.g. GDPR, ISO 27001). It helps reduce the risk of accidental exposures and misconfiguration attacks.
CWPP - Cloud Workload Protection Platform
CWPP is a security solution designed to protect workloads in public, private, and hybrid clouds. Workloads include virtual machines, containers, physical servers, serverless functions, and other compute assets. CWPP provides capabilities such as vulnerability scanning, behavior monitoring, runtime protection, and integrity checks, ensuring that every workload is secure regardless of where it runs.
DSPM - Data Security Posture Management
DSPM is a solution designed to discover, classify, monitor and protect sensitive data (structured and unstructured) wherever it resides: in cloud, SaaS, on-premises or hybrid environments. It analyzes how data is stored, moved and accessed, identifies misconfigurations, excessive access or exposed data, and helps improve the data security posture. It often integrates with DLP, CSPM and IAM tools.
CAASM - Cyber Asset Attack Surface Management
CAASM is a technology that enables organizations to gain complete visibility into all IT and cyber assets (endpoints, applications, devices, identities, cloud, etc.), correlating information from multiple sources to identify coverage gaps, misconfigurations, vulnerabilities and exposed assets. The goal is to map and reduce the attack surface exploitable by potential threats, improving the overall security posture.
Threat Detection, SOC & Incident Response
UEBA - User and Entity Behavior Analytics
UEBA uses advanced machine learning and behavioral analysis algorithms to monitor and analyze the behavior of users, devices, and other entities within an IT system. The goal is to detect anomalous or suspicious activity that could indicate insider threats, account compromises, or advanced attacks (such as credential theft and lateral movement). UEBA integrates data from multiple sources to provide in-depth context and improve the accuracy of detections.
SIEM - Security Information and Event Management
SIEM is a platform that collects, normalizes, correlates, and analyzes security logs and events from various IT systems (firewalls, endpoints, servers, applications, etc.). It provides real-time visibility, threat detection, alerts, and incident response support. It uses rules, correlations, and sometimes machine learning to identify anomalous behavior.
SOAR - Security Orchestration, Automation and Response
SOAR is a platform that enables security teams to orchestrate different tools, automate repetitive tasks and centrally manage incident response processes. It integrates with SIEM, EDR, firewalls, ticketing and other systems to speed investigations, reduce response times and standardize procedures through automated playbooks.
EDR - Endpoint Detection and Response
EDR is a security solution designed to continuously monitor, record and analyze activities on endpoint devices (PCs, servers, laptops) in order to detect, investigate and respond quickly to advanced threats. It uses behavioral data collection, signature-based detection and heuristic analysis, providing containment, isolation and automatic remediation capabilities.
XDR - Extended Detection and Response
XDR is an integrated security solution that combines and correlates data from multiple sources (endpoints, networks, clouds, emails, applications) to provide a unified view of threats. It enables you to more effectively detect, analyze and respond to cyber attacks, automating security operations and improving incident response capabilities across your IT infrastructure.
NDR - Network Detection and Response
NDR is a security technology that monitors network traffic to identify anomalous activity, threats and ongoing attacks, even those that elude traditional solutions such as firewalls or antivirus. It uses advanced techniques such as machine learning, behavioral analysis and threat intelligence to detect suspicious behavior, and includes response capabilities to contain or investigate the incident.
MDR - Managed Detection and Response
MDR is a third-party managed security service that combines advanced threat detection technologies (such as EDR, SIEM, XDR) with a team of experts who actively analyze, investigate and respond to security incidents 24/7. The goal is to provide effective protection even to organizations that do not have an internal SOC or specialized resources.
TIP - Threat Intelligence Platform
A Threat Intelligence Platform (TIP) is a solution designed to aggregate, normalize, analyze and share cyber threat information from internal sources (logs, SIEM, incidents) and external sources (commercial feeds, open source, community, CERTs). It helps to prioritize threats, generate relevant indicators of compromise (IoCs) and provide actionable data for solutions such as SIEM, SOAR, firewalls and EDR/XDR systems.
FIM - File Integrity Monitoring
File Integrity Monitoring (FIM) is a security system that continuously monitors critical files and directories (such as configurations, system files, registries) to detect unauthorized or anomalous changes. It compares the current state of files with “expected” versions or safe baselines, generating alerts when it detects changes. It is used for breach detection, auditing, compliance (e.g. PCI-DSS, HIPAA, ISO 27001) and incident response.
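An added example, not code from the original page, of the baseline-and-compare mechanism FIM relies on: it hashes every regular file under a directory with SHA-256, then classifies a later scan into added, removed and modified files. The demo() function builds a constructed mini configuration tree in a temporary directory and simulates drift after the baseline was taken.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

CHUNK = 64 * 1024


def hash_file(path: str) -> str:
    """SHA-256 of a file, streamed so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map every regular file under root (path relative to root) to its SHA-256.

    Symlinks are skipped so that a link pointing outside the tree cannot
    make the scanner hash (or report on) files it was not asked to watch.
    """
    baseline: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify differences between the trusted baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake config tree, then drift it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "ssh"))
        files = {
            "passwd": "root:x:0:0:root:/root:/bin/bash\n",
            "ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
            "hosts": "127.0.0.1 localhost\n",
        }
        for rel, content in files.items():
            with open(os.path.join(root, rel), "w") as f:
                f.write(content)
        baseline = build_baseline(root)

        # Simulated changes after the baseline: a hardening setting flipped,
        # a new scheduled job appeared, and a file disappeared.
        with open(os.path.join(root, "ssh/sshd_config"), "w") as f:
            f.write("PermitRootLogin yes\nPasswordAuthentication no\n")
        with open(os.path.join(root, "crontab"), "w") as f:
            f.write("0 3 * * * /usr/local/bin/backup.sh\n")
        os.remove(os.path.join(root, "hosts"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

In production the baseline would be stored outside the monitored host (or signed) so that whoever changes the files cannot also rewrite the reference hashes.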
SOC - Security Operations Center
A SOC is a centralized operations center where a team of experts constantly monitors an organization’s IT infrastructure to prevent, detect, analyze and respond to cybersecurity incidents. It uses advanced tools such as SIEM, EDR, and threat intelligence to analyze events and coordinate defensive actions.
Cloud Models and Architectures
IaaS - Infrastructure as a Service
IaaS is a cloud model that provides virtualized infrastructure resources (servers, storage, network) via the Internet. It allows companies to “rent” the IT infrastructure, without purchasing and managing physical hardware. Users have control over operating systems, applications, and configurations, while the provider manages the underlying infrastructure. Examples: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP).
PaaS - Platform as a Service
PaaS is a cloud model that provides a complete platform for developing, testing, deploying, and managing applications. It includes infrastructure (such as IaaS), operating systems, databases, development tools, and middleware services. It allows developers to focus on code without managing hardware or the operating system. Examples: Google App Engine, Heroku, Azure App Services.
SaaS - Software as a Service
SaaS is a software delivery model in which applications are hosted in the cloud and accessible over the internet, typically via subscription. Users do not have to install or manage the software locally: everything from maintenance to updates is managed by the provider. Common examples: Google Workspace, Microsoft 365, Salesforce.
Application Security (AppSec)
SAST - Static Application Security Testing
SAST is a security analysis technique for analyzing the source code or binary of an application without running it. It identifies vulnerabilities, programming errors, and potential security issues by statically analyzing the code during the development phase. This helps fix vulnerabilities before the software is released. It is an integral part of DevSecOps practices.
DAST - Dynamic Application Security Testing
DAST is an application security testing technique that analyzes an application while it is running, simulating real-world attacks to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and other runtime issues. It does not require access to the source code, but tests the application’s response to malicious input. It is useful for testing web applications and APIs in staging or production environments.
IAST - Interactive Application Security Testing
IAST combines elements of SAST and DAST by monitoring the behavior of the application as it runs in test or development environments. It uses agents embedded in the runtime to analyze the code in action, identifying both static and dynamic vulnerabilities with greater precision and context. This approach provides detailed, real-time analysis of potential security flaws.
RASP - Runtime Application Self-Protection
RASP is a security technology that integrates directly within the application to monitor its behavior in real time as it runs. It automatically detects and blocks attacks such as SQL injections, cross-site scripting (XSS), and other threats, protecting the application from the inside without the need for external intervention. It works by analyzing traffic, calls, and data, immediately responding to suspicious behavior.
ASPM - Application Security Posture Management
ASPM is a solution that provides continuous visibility, assessment, and management of application security throughout the lifecycle, combining data from tools such as SAST, DAST, IAST, RASP, and vulnerability management. It helps identify security gaps, prioritize remediation, and improve the application’s overall threat posture.
SCA - Software Composition Analysis
SCA is a technology that analyzes third-party components and open source libraries within a software application to identify known vulnerabilities, noncompliant licenses, and associated risks. It allows you to continuously manage and monitor the security of dependencies, ensuring that no external component introduces flaws or compliance issues.
Regulations and Standards
GDPR - General Data Protection Regulation
The GDPR is the European regulation (EU 2016/679) that came into force in 2018 and governs the processing and protection of personal data of citizens of the European Union. It establishes fundamental principles (such as lawfulness, transparency, data minimization), rights for data subjects (e.g. right to be forgotten, access, portability) and obligations for organizations, including security measures, DPO appointment, consent management and breach notification.
NIST - National Institute of Standards and Technology
NIST is a US government agency that develops standards, guidelines and best practices for cybersecurity, including the well-known NIST Cybersecurity Framework (CSF). This framework helps organizations manage and reduce cybersecurity risks through a structured approach based on identification, protection, detection, response and recovery.
NIS2 - Network and Information Security Directive 2
NIS2 is the update to the EU NIS Directive, which strengthens and expands the security requirements for networks and information systems. It introduces more stringent obligations for more sectors (including digital services and critical infrastructure), increases the responsibilities of top managers and provides for tougher penalties for non-compliance.
DORA - Digital Operational Resilience Act
European Union regulation that establishes mandatory requirements to strengthen the digital operational resilience of financial institutions and critical entities. It requires them to manage cyber risks, ensure business continuity, monitor third-party ICT service providers and report security incidents in a standardized way.
CRA - Cyber Resilience Act
The Cyber Resilience Act is an EU regulatory proposal that aims to establish minimum security requirements for products with digital components, obliging manufacturers to ensure a basic level of protection against vulnerabilities and cyber attacks throughout the product lifecycle.
Sensitive Data and Privacy Protection
PII - Personally Identifiable Information
PII refers to any data that can be used, alone or together with other information, to uniquely identify a natural person. It includes elements such as name, address, telephone number, social security number, personal email, biometric data, document numbers or payment card numbers. The protection of PII is regulated by regulations such as GDPR, HIPAA or CCPA.
IT Infrastructure, Access and Devices
LDAP - Lightweight Directory Access Protocol
LDAP is a standard protocol for querying and modifying directory services, which store information about users, groups, devices and other network resources. It is used for authentication, authorization and centralized identity management in enterprise environments, facilitating access to resources through directories such as Active Directory or OpenLDAP.
CA - Certification Authority
A Certification Authority (CA) is an entity that issues digital certificates to guarantee the identity of users, devices or services on a network. Digital certificates are used, for example, to enable secure communications through protocols such as HTTPS or TLS. The CA certifies that a public key belongs to a specific subject (user, server, company) by digitally signing a certificate (X.509). A CA can also be internal: in this case it is managed within an organization (e.g. a company or a public administration) and is not recognized publicly, but is trusted within the company perimeter. It is used to authenticate users, servers or internal devices for services such as Wi-Fi, email, etc.
BYOD - Bring Your Own Device
BYOD is a company policy that allows employees to use their personal devices (smartphones, laptops, tablets) to access company resources and data. This approach improves productivity and flexibility, but also introduces security risks related to data management, endpoint protection and the separation between the personal and work spheres. To manage it safely, solutions such as MDM (Mobile Device Management) or EDR (Endpoint Detection and Response) are used.
AD - Active Directory
Active Directory is a directory service developed by Microsoft that allows the centralized management of users, groups, computers, and network resources in corporate environments. To communicate and exchange this information, Active Directory uses a standard protocol called LDAP (Lightweight Directory Access Protocol). LDAP allows clients and applications to query, authenticate, and modify data contained in the directory, making it a fundamental tool for authentication and authorization in centralized systems such as Active Directory.