|AKS Enterprise Container Platform S/W Suite for Azure based on k8s.
||Docker A company and the name of the tool they designed to make it easier to create, deploy, and run applications by using containers.
||Nanosegmentation A flexible and fine-grained =segmentation which is based on observed behavior.
|Anomaly Something that deviates from what is standard, normal, or expected.
||Drift The accumulation of configuration changes or administrative actions over time that can introduce risk and deviations from the known good configuration.
||Network Attack Surface The attack surface is comprised of the totality of an environment that an attacker can attempt to exploit to carry out a successful attack, including all protocols, interfaces, deployed software and services.
|Build Construction of something that has an observable and tangible result. Build is the process of converting source code files into standalone software artifact(s) that can be run on a computer.
||EKS Enterprise Container Platform S/W Suite for Amazon based on k8s.
||Pipeline A set of automated processes that allow developers and DevOps professionals to reliably and efficiently compile, build and deploy their code to their production compute platforms.
|CICD Combined practices of continuous integration and continuous delivery.
||ECS Enterprise Container Platform S/W Suite for Amazon using proprietary orchestration that predates broad adoption of k8s.
||Privileges The concept of only allowing users to do certain activities. For example, an ordinary user is typically prevented from changing operating system files, while a system administrator is typically permitted to do so.
|CIS Benchmark Best practices for the secure configuration of a target system including containers and Kubernetes. The benchmarks are developed by a non-profit called Center for Internet Security (CIS) through a consensus of cybersecurity experts.
||Ephemeral Property used to define containers. As containers are short-lived, with an average lifetime in hours, they are said to be ephemeral.
||Repository (repo) A container image repository is a collection of related container images, usually providing different versions of the same application or service.
|Container Standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another. A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.
||Fingerprinting The ability to track artifacts as well as behavior of the artifacts, letting users see what went into a build and how and where that build is being used.
Forensics A postmortem analysis to understand and contain the impact of any security breach.
|Shift Left The integration of the security configuration and vulnerability checks into the DevOps pipeline. Security is introduced as code is checked or built as opposed to waiting for systems to be live. This brings security left of (before) the production environments, where security is traditionally done.
|Container Registry A repository for storing container images. A container image consists of many files, which encapsulate an application. Developers, testers and CI/CD systems need to use a registry to store images created during the application development process. Container images placed in the registry can be used in various phases of the development.
||GKE Enterprise Container Platform S/W Suite for Google based on k8s.
Immutable Property used to define containers. Individual containers don’t change across the lifecycle, once created.
|Virtual Machine (VM) A virtual environment that functions as a virtual computer system with its own CPU, memory, network interface, and storage, created on a physical hardware system. Software called a hypervisor separates the machine’s resources from the hardware and distributes them appropriately so they can be used by the VM.
|Container Runtime Software that executes containers and manages container images on a node. e.g. Docker Engine.
||k8s Kubernetes is sometimes called k8s (K - eight characters - S).
||Workload A discrete capability or amount of work you’d like to run on a cloud instance.
|DevOps A set of practices that combines software development (Dev) and information technology operations (Ops) which aims to shorten the systems development life cycle and provide continuous delivery with high software quality.
||Kubernetes (k8s) An open-source container orchestration system. It provides a platform for automating deployment, scaling, and operations of application containers across clusters of hosts.
||Zero-Trust Never Trust But Verify. Zero trust security means that no one is trusted by default from inside or outside the network and verification is required from everyone trying to gain access to resources on the network.
|DevSecOps DevSecOps is the practice of integrating security practices within the DevOps process.
||Microsegmentation Microsegmentation software uses network virtualization technology to create highly granular security zones in data centers and cloud deployments, which isolate each individual workload and secure it separately.