IT glossary

Clear explanations of technologies, platforms and approaches used in modern IT.

74 terms

Ansible

A Red Hat automation tool for configuration management, application deployment and IT process orchestration. Uses YAML playbooks and requires no agents on managed machines.

Anton Marrero

A Ukrainian IT expert who has been working in the country’s IT industry since the mid-1990s. Anton Marrero holds a профиль-related higher education degree, having graduated from the Kyiv Polytechnic Institute and the International Institute of Management (MIM). After completing his studies, Anton co-founded the company Softline together with like-minded partners, where he actively developed his professional skills and participated in numerous IT projects. Currently, Mr. Marrero continues to realize his professional potential and leverages his extensive experience to contribute to the development of Intecracy Group as a member of its Supervisory Board. Anton Marrero is also actively involved in professional IT community events in Ukraine, where he shares his experience and knowledge with younger generations of professionals.

API

Application Programming Interface — a set of protocols and tools for integrating applications with each other. REST API, GraphQL and gRPC are the most common types. The foundation of modern microservices architecture.

ArgoCD

A continuous delivery tool for Kubernetes implementing the GitOps approach. Monitors repository state and automatically syncs cluster configuration with the Git description.

Azure Arc

A Microsoft service for managing hybrid and multi-cloud infrastructure from a single Azure portal. Allows applying Azure policies to servers, Kubernetes clusters and databases in any environment.

Azure Stack HCI

Microsoft's hyperconverged infrastructure allowing Azure services to run on local hardware. An ideal hybrid cloud solution with Azure Arc support.

BaaS

Backup as a Service — a cloud service that automatically stores copies of data and applications in secure cloud storage with recovery capabilities.

CAPEX

Capital Expenditure — upfront spending on servers, network equipment and licenses. In the cloud model, CAPEX shifts to OPEX — subscription-based payment.

CI/CD

Continuous Integration / Continuous Delivery — the practice of automated code building, testing and delivery. CI verifies changes after each commit, CD automatically deploys tested code to production.

Cisco Meraki

Cisco's cloud-managed networking platform for managing Wi-Fi, switches, routers and cameras from a single dashboard. Ideal for distributed offices and retail.

Cloud architecture

Designing IT systems with cloud services in mind: selecting components, connections between them, security policies and scaling. Proper architecture is the foundation of reliable and cost-effective cloud infrastructure.

Cloud migration

The process of moving IT infrastructure, applications and data from on-premises servers to a cloud environment. Includes planning, compatibility assessment, actual transfer and optimization.

Cloud-native

A software development approach that fully leverages cloud computing: microservices, containers, CI/CD, autoscaling. Applications are designed for the cloud from day one.

Compliance

IT system adherence to regulatory requirements and standards: GDPR, ISO 27001, SOC 2, PCI DSS. Cloud providers offer compliance certifications, but responsibility is shared between provider and customer.

Containerization

A technology for isolating applications in containers — lightweight, portable environments containing code, dependencies and configuration. Ensures consistent application behavior across any environment.

CrowdStrike

An AI-powered cybersecurity platform for protecting endpoints, cloud workloads and identities. Falcon is their flagship EDR/XDR product.

DevOps

A culture and set of practices uniting development (Dev) and operations (Ops) to shorten the software release cycle. Includes CI/CD, IaC, monitoring and automation.

Disaster Recovery

A plan and procedures for restoring IT systems after failures, disasters or cyberattacks. Defined by RPO and RTO metrics. Can be implemented via DRaaS in the cloud.

DLP

Data Loss Prevention — technologies and policies preventing confidential data leakage outside the organization. Controls file movement via email, cloud storage, USB devices, etc.

DNS

Domain Name System — converts domain names (google.com) into IP addresses. A critical network infrastructure component and attack vector (DNS spoofing, DNS tunneling).

Docker

A platform for building, deploying and running applications in containers. A Docker container includes code, dependencies and configuration, ensuring consistent operation on any server.

DRaaS

Disaster Recovery as a Service — a cloud service providing server and data replication to a backup datacenter with automatic failover during outages.

EDR

Endpoint Detection and Response — a technology for monitoring and responding to threats on endpoints (workstations, servers). Detects suspicious behavior and allows rapid isolation of compromised machines.

Entra ID

Microsoft Entra ID (formerly Azure AD) — a cloud identity and access service. Provides SSO, MFA, conditional access and identity management for Microsoft 365 and thousands of SaaS applications.

FinOps

Financial management of cloud spending — a practice uniting IT, finance and business to optimize cloud costs. Includes monitoring, forecasting, rightsizing and governance.

GitOps

An operational model where a Git repository is the single source of truth for infrastructure and configuration. Changes are made via pull requests and the system automatically syncs cluster state.

High Availability

The ability of a system to operate continuously with minimal downtime. Achieved through redundancy, load balancing and geographic distribution. Measured in "nines": 99.9%, 99.99%, etc.

Hybrid cloud

An IT architecture combining on-premises infrastructure with a public cloud. Data and workloads move between environments based on security, performance and cost requirements.

IaaS

Infrastructure as a Service — a cloud model where a provider supplies virtual servers, networks, and storage. Instead of buying physical hardware, you rent resources and pay for actual consumption.

IaC

Infrastructure as Code — managing IT infrastructure through code instead of manual configuration. Code is stored in Git, versioned, tested and automatically applied. Tools: Terraform, Ansible, Pulumi.

Intune

Microsoft Intune — a cloud platform for mobile device management (MDM) and mobile application management (MAM). Controls corporate and BYOD devices from a single console.

Kubernetes

An open-source container orchestration system for automating deployment, scaling and management of containerized applications. The de facto standard for cloud-native infrastructure.

Lift-and-shift

A migration strategy where applications are moved to the cloud without code or architecture changes. The fastest migration method, but does not leverage cloud advantages optimally.

Load Balancer

A component that distributes network traffic across multiple servers to ensure high availability and performance. Can be hardware or cloud-based (Azure Load Balancer, AWS ALB).

Managed Services

Outsourcing management of part or all of IT infrastructure to an external provider. Includes monitoring, support, updates and 24/7 incident response.

MFA

Multi-Factor Authentication — requires two or more methods of identity verification: password + SMS code, biometrics, hardware key, etc. A critical element of Zero Trust.

Microsegmentation

Dividing a network into isolated security zones at individual workload level. Limits lateral movement of an attacker in case of a breach. A key element of Zero Trust.

Microsoft 365

Microsoft's cloud productivity suite: Word, Excel, PowerPoint, Teams, Outlook, SharePoint, OneDrive. Includes cloud security, device management and compliance tools.

Microsoft Copilot

Microsoft's AI assistant integrated into Microsoft 365, Windows, Edge and Azure. Uses large language models to automate routine tasks, generate text, analyze data and code.

Microsoft Defender

Microsoft's security product line: Defender for Endpoint (EDR), Defender for Cloud, Defender for Identity, Defender for Office 365. Provides comprehensive protection for cloud and hybrid infrastructure.

Microsoft Sentinel

A cloud-native SIEM system by Microsoft built on Azure. Collects logs from across the infrastructure, uses AI for threat detection and automates response via SOAR playbooks.

Monitoring

Continuous observation of IT system status: availability, performance, errors, resource usage. Tools: Prometheus, Grafana, Datadog, Azure Monitor. The foundation of proactive infrastructure management.

MPLS

Multiprotocol Label Switching — a traffic routing technology using pre-defined label-switched paths. Provides high speed and QoS but costs more than SD-WAN.

Multi-cloud

A strategy of using cloud services from two or more providers simultaneously (e.g. Azure + AWS). Helps avoid vendor lock-in, optimize costs and improve fault tolerance.

NGFW

Next-Generation Firewall — with deep packet inspection, IPS, application control and cloud threat intelligence integration. Examples: Cisco Firepower, Palo Alto, Fortinet.

On-premises

Local IT infrastructure hosted on a company's own servers in a server room or datacenter. An alternative to cloud with full control but also full responsibility.

OPEX

Operational Expenditure — ongoing costs for cloud services, subscriptions and support. Shifting from CAPEX to OPEX is one of the key advantages of the cloud model.

Orchestration

Automated coordination of multiple IT processes or containers to ensure smooth system operation. Kubernetes is the most widely used container orchestrator.

PaaS

Platform as a Service — a cloud platform providing an environment for developing, testing and deploying applications without managing the underlying infrastructure. Examples: Azure App Service, Google App Engine.

Penetration testing

A controlled simulated cyberattack on IT infrastructure to identify vulnerabilities before attackers exploit them. Can be external, internal or social engineering based.

Private cloud

A cloud environment dedicated to a single organization. Can be hosted in own datacenter or at a provider. Provides full data control and regulatory compliance.

Public cloud

Cloud infrastructure owned by a provider and offered to multiple customers over the internet. Resources are shared among users, reducing costs. Major providers: Azure, AWS, GCP.

Ransomware

Malicious software that encrypts victim data and demands a ransom for the decryption key. One of the biggest threats to business. Protection: backup, EDR, network segmentation, staff training.

Rightsizing

The process of optimizing cloud resources — selecting the right type and size of VMs, storage and services to match actual workload. A key FinOps practice.

RPO

Recovery Point Objective — the maximum acceptable data loss in case of a disaster, expressed in time. RPO = 1 hour means the business can lose no more than one hour of data.

RTO

Recovery Time Objective — the maximum acceptable system downtime after a disaster. RTO = 4 hours means systems must be restored within four hours.

SaaS

Software as a Service — a model for delivering software over the internet via subscription. Users access ready-made applications without installation. Examples: Microsoft 365, Salesforce, Google Workspace.

SASE

Secure Access Service Edge — a cloud model unifying network security (ZTNA, SWG, CASB, FWaaS) and SD-WAN into a single platform. Ensures secure resource access from any location.

SD-WAN

Software-Defined Wide Area Network — replaces or supplements MPLS. Intelligently routes traffic between branches across multiple links (internet, LTE, MPLS).

Serverless

A cloud computing model where the provider automatically manages server infrastructure. Developers write only function code, and the cloud scales and executes on demand. Examples: Azure Functions, AWS Lambda.

SIEM

Security Information and Event Management — a system for collecting, analyzing and correlating security logs from across the infrastructure in real time. Helps detect threats and incidents. Examples: Microsoft Sentinel, Splunk.

SLA

Service Level Agreement — a contract between provider and customer defining guaranteed availability (e.g. 99.9%), incident response times and penalties.

SOC

Security Operations Center — a cybersecurity monitoring center that tracks threats 24/7, analyzes incidents and coordinates response. Can be internal or outsourced (SOC-as-a-Service).

Splunk

Cisco's data analytics and SIEM platform for monitoring, searching and visualizing machine data in real time. Widely used in SOC for security log analysis.

TCO

Total Cost of Ownership — the full cost of an IT solution including acquisition, implementation, maintenance, training and decommissioning. A key metric when choosing between on-premises and cloud.

Terraform

An Infrastructure as Code tool by HashiCorp for describing and automatically deploying cloud infrastructure via declarative configurations. Supports Azure, AWS, GCP and dozens of other providers.

Trend Micro

A global cybersecurity solutions provider: endpoint, server, cloud and email protection. Vision One is their XDR platform with AI analytics.

Veeam

A backup and recovery platform for virtual, physical and cloud environments. A leader in backup for VMware, Hyper-V, AWS, Azure and Microsoft 365.

VMware vSphere

Broadcom's (formerly VMware) leading virtualization platform for creating and managing virtual machines. Includes ESXi hypervisor and vCenter Server for centralized management.

VPN

Virtual Private Network — an encrypted tunnel between a device and the corporate network over the public internet. Provides secure remote access but is gradually being replaced by ZTNA within Zero Trust.

WAF

Web Application Firewall — filters HTTP traffic and protects against SQL injection, XSS, application-level DDoS attacks. Deployed in front of the web server.

XDR

Extended Detection and Response — advanced threat detection combining data from endpoints, networks, cloud and email into a single platform for correlation and automated response.

Zero Trust

A security model where no user or device is trusted by default, even inside the corporate network. Every request is verified and authorized independently.

ZTNA

Zero Trust Network Access — a secure remote access approach replacing VPN. Grants access only to specific applications after verifying identity and device posture, not the entire network.