Data Security Glossary

This data security glossary is intended for anyone in an organization, from the security leader to the security practitioner.

Access control

A security technique that regulates who can view or use resources in a computing environment. It is a fundamental component of data security that restricts access to systems, applications, and data by enforcing policies and granting permissions only to authorized users, thereby protecting sensitive information from unauthorized access and maintaining...

California Consumer Privacy Act (CCPA)

The CCPA gives California residents the right to know what personal information a business keeps about them, understand how it gets used, and then prevent or delete the collection of their personal information. The California Privacy Rights Act (CPRA) extended CCPA to cover California-based employees, contractors, and emergency contacts. In...

Cloud data governance

Cloud data governance encompasses all principles, policies, and procedures for managing data in cloud environments. It focuses on managing the privacy of data according to regulatory compliance requirements and industry standards; mitigating data risk; and ensuring data is accurate, available and usable across the organization. Cloud data governance should enable...

Cloud data loss prevention (DLP)

Sometimes called cloud data leak protection, Cloud DLP refers to the technology and processes used to safeguard sensitive data against internal and external threats. These solutions continuously monitor the usage and movement of data and alert security teams about potential losses or breaches.

Cloud data management

Cloud data management involves overseeing the storage, accessibility, and privacy of data across multi-cloud environments. It includes ensuring data integrity and compliance, securing data against breaches, and leveraging frameworks like CDMC to structure and audit data-related activities. This practice is key to harnessing cloud benefits while protecting sensitive information and...

Cloud security assessment

A cloud security assessment evaluates a business's cloud infrastructure's risks, vulnerabilities, and existing security controls. Cloud security assessments are important because they help companies understand their cloud risks and take steps to remediate them.

Cloud security posture management (CSPM)

Cloud security posture management focuses on continuously monitoring and assessing the security posture of cloud infrastructure. CSPM platforms scan for potential cloud infrastructure risks such as misconfigurations, vulnerabilities or overly-permissive access control. Because they focus on the infrastructure of cloud environments, CSPM platforms lack the ability to do robust data...

Cloud transformation

Cloud transformation is the process of migrating traditionally on-prem techniques and tools into a cloud environment. Many businesses move their data, applications, and infrastructure to the cloud because it supports increased flexibility and speed. While beneficial in many ways, cloud transformation also brings new security risks such as misconfigurations, unauthorized...

Cloud-native security

Cloud-native security is a set of processes and solutions that secure the various aspects of an organization’s operations and data in the cloud. It encompasses the company’s entire cloud ecosystem, including application development and data storage. Unlike legacy security platforms, cloud-native security solutions typically employ built-in cloud services (i.e., APIs,...

Compliance automation

A compliance automation solution helps organizations align with privacy, governance and security requirements from internal and external stakeholders. It continuously reviews business processes to ensure compliance with regulations. Compliance automation provides a more effective and comprehensive approach than establishing and enforcing policies manually.

Compliance monitoring

Compliance monitoring means reviewing an organization’s routine functions and ensuring they are in alignment with compliance policies and procedures. Organizations can use a combination of manual tasks and automated solutions, such as a policy enforcement engine, to implement compliance monitoring.

Data access governance

Data access governance (DAG) solutions manage user, application, and machine data access privileges. They employ the principle of least privilege to ensure only the right identities have access to the organization's sensitive data, enabling innovation and growth while maintaining a strong security posture. DAG tools also continuously monitor who and...

Data asset

A data asset is a broader term that encompasses any object or set of objects that contain data. It could refer to a data store (such as an Amazon S3 bucket), a data object within that store (such as an Apache Parquet file), or a data record (such as a single row...

Data breach

A data breach means that an unauthorized person has successfully infiltrated an organization’s data stores and viewed, taken or shared data. Contributing factors that may lead to a breach include shadow data, misconfigurations, cyber attacks, social engineering, human error, or physical theft of devices containing data. If a data breach...

Data breach prevention

Data breach prevention is a set of best practices for keeping sensitive data safe from unauthorized personnel. A few data breach prevention tactics include: discovering and classifying your sensitive data, automating data policy management, following the principle of least privilege access, continuously monitoring your environment for active breaches, and aligning...

Data catalog

A structured inventory of a company's data assets, typically across various clouds and technologies, which helps in identifying, classifying, and organizing sensitive data like PII, PHI, and PCI transaction data, thereby aiding in data security and governance through enhanced visibility and control over the data landscape.

Data classification

Data classification is the practice of categorizing data based on specific characteristics such as its sensitivity, value, volume and criticality to an organization. By classifying their data assets, teams can better understand the owners and uses of data, define and enforce policies appropriate to the level of data sensitivity, and...

Data democratization

Data democratization is the process of enabling many users across a business to easily access and use data. Previously, only data experts could handle data, making it difficult for other departments to make data-driven decisions. With the rise of data democratization, various users — including non-experts — can use tools...

Data detection and response (DDR)

Data detection and response alerts organizations in real time when suspicious activity or data breaches occur, allowing security teams to respond rapidly and mitigate active threats. With DDR, businesses can swiftly contain any data security incidents and minimize potential damage.

Data discovery

A process that involves identifying and understanding where data resides within an organization's environment, including public clouds, data warehouses, SaaS applications, cloud file shares, and on-premise storage. Data discovery aims to achieve comprehensive visibility into all data an organization creates and utilizes, providing crucial information about the data's owner, access,...

Data governance framework

A data governance framework establishes which people, processes, and technologies are responsible for managing and protecting data assets. It sets policies for ensuring data is usable and executing successful data security, as well as defining the daily operations for meeting compliance standards.

Data leak

A data leak occurs when sensitive data is accidentally or maliciously exposed to unauthorized parties. Misconfigurations, cyberattacks, insider threats, security vulnerabilities, and other factors can cause leaks. A comprehensive data security posture management (DSPM) solution can help prevent leaks.

Data loss prevention/Data leak prevention (DLP)

DLP is a technology that monitors sensitive data as it gets used, moved, and stored across the organization. It prevents data leakage and alerts team members about potential data losses or breaches. DLP works well for on-premise environments but is not conducive to a fast-paced, ephemeral cloud environment.

Data management

Data management encompasses the practices of collecting, keeping, and using data securely, efficiently, and cost-effectively. It involves a range of tasks such as data governance, storage, data quality assurance, and data policy enforcement, ensuring that data is accessible, reliable, and handled in compliance with policies and regulations.

Data mapping

Data mapping enables teams to understand the location, source and destination of their data, including previously unknown shadow data, its format and type, and which transformations it undergoes. It is used both to ensure compliance with data protection regulations and standards, and governance standards that often require organizations to map...

Data masking

Data masking is a security process that protects confidential information by hiding it behind modified, fake data. This technique is often used when sharing data with external parties or within different parts of an organization, ensuring that sensitive details remain inaccessible while the overall structure and utility of the data...

Data security

Data security is a discipline concerned with protecting digital assets such as customer data, employee data, and company secrets. It safeguards these assets from unauthorized actions and access. Today, organizations must think about securing the data within their cloud environments, as well as their traditional, on-premise environments.

Data security in the cloud (cloud data security)

Data security in the cloud, also referred to as cloud data security, protects the data stored and processed in cloud environments. The discipline is focused on empowering organizations to leverage that data to meet business goals while still protecting cloud data from exposure risks, breaches and compromises. To make this...

Data security posture management (DSPM)

Data Security Posture Management (DSPM) is the set of processes, policies, and technologies used to protect sensitive data and ensure compliance in cloud environments at scale and with automation. This rapidly evolving security solution category grew out of the need to protect the “innovation attack surface” created by the unintentional...

DFIR (digital forensics and incident response)

DFIR is the process of investigating and responding to cybersecurity incidents. The process includes finding the event's root cause, gathering evidence, and determining the scope of the breach. Response strategies are also critical to stopping and containing a threat, minimizing its impact on the organization.

DLP monitoring

Data loss prevention (DLP) monitoring is the practice of scanning data continuously in search of potential risks. DLP solutions flag unauthorized or unusual activities involving data at rest, in motion, or in use. Today, many organizations use a data detection and response (DDR) solution to fulfill the role of DLP...

Enterprise data security

Enterprise data security is a collection of tools and technologies that focus on securing every data asset within an enterprise, regardless of its location, owner, or type. It aims to protect all data within a large organization without slowing down critical business processes.


General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) is a law that requires organizations to protect the personal data and privacy of people and companies inside the European Union. The EU recommends seven principles for complying with GDPR: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

Google cloud security

The protection of multi-cloud architectures, integrating autonomous data management with Google Cloud to provide continuous discovery, classification, and defense against data breaches. This unified approach ensures data security, governance, and compliance across cloud ecosystems with minimal training required for security teams.

Incident response

Incident response is the process of investigating and minimizing the damage of a data breach, then putting in measures to reduce the likelihood of a similar incident in the future. Organizations can lessen the impact of a data breach by creating an incident response plan ahead of time and leveraging...

Incident response plan

A proactive protocol designed to prepare organizations for effectively handling and mitigating the effects of data breaches. It details investigative steps and damage control measures to swiftly manage incidents, ensuring the enforcement of data security policies through tools like Data Security Posture Management (DSPM) and Data Detection and Response (DDR)....

Infrastructure security

The practice of defending critical systems and assets from physical and cyber threats. This encompasses safeguarding IT assets, including end-user devices, data centers, network systems, and cloud resources, to ensure the resilience and reliability of these fundamental components.

Infrastructure-as-a-Service (IaaS)

Infrastructure-as-a-Service (IaaS) refers to the internet-based provisioning of computing resources such as servers, networks, and data storage by a cloud service provider. The user handles operating systems, applications, and middleware, while the service provider handles networking, data storage, hard drives, and hardware. IaaS can pose unique data security challenges, such...

Innovation attack surface

The innovation attack surface is a massive, non-contiguous patchwork of exposed data and shadow data that creates unintentional risk caused by those that use an organization’s cloud data to propel the business forward. These innovators using data and creating risk as a natural by-product could include developers and data scientists,...

Multi-cloud data security

Multi-cloud data security is a form of data security that protects data stores across multiple cloud ecosystems (Amazon Web Services, Google Cloud Platform, Microsoft Azure, etc.). It also compiles security information from all of these environments into a single pane of glass.

Platform-as-a-Service (PaaS)

Platform-as-a-Service (PaaS) is a computing cloud data procedure that allows a business to bypass the typically expensive and time-consuming process of obtaining and maintaining software licenses. PaaS companies offer a shared public cloud platform for app administration and development. If not managed correctly, PaaS can become very complex over time,...

Public cloud data security

Public cloud means an organization uses a third-party cloud service provider (CSP) to provide and manage cloud infrastructure, often including data stores in a fashion that is shared with other businesses (as distinguished from private cloud which is not shared). In the cloud, where data can proliferate exponentially, data security...

Public cloud security

Public cloud security focuses on securing public cloud environments that are managed by cloud service providers (CSPs). It is different from private cloud security that focuses on the security of private cloud environments. Public cloud security follows the “shared responsibility” model, meaning that cloud providers and their customers must jointly...

SaaS security

SaaS security is the set of strategies and practices aimed at protecting applications and data hosted in a Software-as-a-Service model from unauthorized access and cyber threats. It focuses on ensuring that multi-user access to cloud-based applications does not compromise data integrity, confidentiality, or compliance, especially as these services often operate...

Security execution gap

The security execution gap refers to a growing divergence between the activities that contribute to innovation and the security activities intended to protect the business. To overcome this gap, organizations must empower their value creators, such as developers and data scientists, to innovate quickly and safely with agile data security.

Semi-structured data

Semi-structured data does not align with pre-defined data models but contains associated information such as metadata. This additional information provides some level of structure by enforcing hierarchies and separating semantic elements. Many spreadsheets are examples of semi-structured data.

Sensitive data

Sensitive data refers to any information that could be harmful to an organization if disclosed or accessed by unauthorized individuals. Examples of sensitive data include everything from customers’ personally identifiable information (PII) such as health records, trade secrets, and financial information to highly confidential trade secrets. To adequately protect this...

Shadow data

“Shadow data” refers to unknown and unmanaged data that the organization’s IT and security teams do not govern, secure, or update. Because of data democratization, it is common for a data user to copy, move, or modify data without the IT and security team’s knowledge. This has led to the...

Software-as-a-Service (SaaS)

Software-as-a-Service (SaaS) refers to software applications maintained by a third-party provider. SaaS tools improve flexibility by enabling multi-user access to critical applications without the requisite setup and administration burdens. However, SaaS tools can increase the likelihood of overly-permissive data access, since they often fall outside the purview of security teams.

Structured data

Structured data aligns with a predefined data model. Examples include names, social security numbers, addresses, etc. Because this data is highly organized, users can leverage tools such as a relational database management system (RDBMS) to input and modify structured data. Structured data is often transactional and quantitative in nature (e.g.,...

Unstructured data

Unstructured data is usually qualitative and does not fit into a predefined data model. As such, conventional data tools such as relational databases cannot process it. Examples include text, video or audio files, images, etc. Most creative works, designs, IP, and documents consist of unstructured data.


Versioning

Versioning is a cloud service provider (CSP) feature that keeps multiple versions of an object in the same bucket. Many teams use it to preserve, retrieve, or restore different object versions when needed. However, versioning can become a security risk if there is no policy for permanently deleting or safely...