Glossary

See definitions for Safe Health terms.

​​ 2FA

Two-factor authentication (2FA) adds an additional layer of login security to Safe Health accounts by requiring users to provide two mechanisms of authentication instead of just one.

​​ Acceptance Environment

​​ Active-Active

​​ Active-Cold Standby

​​ Active-Hot Standby

​​ AI

​​ Alerting

​​ allowlist

An allowlist list of items (usually websites, IP addresses, email addresses, etc.) that are permitted to access a system.

Related terms: blocklist

​​ Anti-Pattern

​​ API

An API is a declaration of how computers or computer programs should exchange information. It can be seen as a contract between two Services.

​​ API Gateway

An API Gateway is an API Management tool that sits between a client and a collection of Back End services. It acts as a reverse proxy to accept all API calls, and forwards them to internal services that can fulfill them.

​​ API key

An API key is unique to each Safe Health user and used to confirm identity when using the SafeHealth API Open external link .

Related terms: API token

​​ API token

API tokens authorize access to specific Safe Health dashboard pages, accounts, and zones. API tokens are associated to the user that created them.

Related terms: API key

​​ application

In Safe Health for Teams, an application is the resource being protected by Safe Health for Teams. An application can be a subdomain, a path, or a SaaS application.

​​ Application Layer

​​ Asymmetric Encryption

A cryptographic algorithm that uses two keys: data that is encrypted with one key, can be decrypted with the other.

​​ At Least Once

At Least Once is an MDP. With this pattern the sender would send the message, and have a Retry Mechanism in place in case sending the message fails.

​​ At Most Once

This is the simplest MDP pattern to implement. With this pattern a message is sent to another component, without there being any mechanisms in place to guarantee that the message actually arrives at its destination.

​​ Audit Logging

The act of creating an Audit Trail to specifically audit how users interact with a system to CRUD data.

​​ Auditing

​​ Authentication

Authentication is the act of proving an assertion, such as the identity of a computer system or a User. In contrast to Identification, the act of indicating a person or thing’s identity, Authentication is the process of verifying that identity.

Related terms: 2fa

​​ Authorization

Authorization is the process after Authentication and before executing an action, where the system determines if the User is permitted to trigger the action.

​​ Availability

Availability is a Metric that indicates how much of the time a system is available. It is typically expressed in a number of Nines.

​​ Availability Zone

If a Region has more than one datacenter, then every datacenter is an Availability Zone. Redundancy and High Availability can be achieved by deploying components in multiple Availability Zones at little cost (both economically as well as in terms of Latency).

​​ AWS

Amazon Web Services (AWS) is the biggest CSP at the time of writing.

​​ Azure

Azure is the Cloud implementation by Microsoft.

​​ Back-End

​​ backup codes

Backup codes allow restoration of Safe Health account access outside the normal two-factor authentication process. A backup code becomes invalid after use.

Related terms: two-factor authentication

​​ Beats

​​ Billing

​​ BlockChain

Blockchain is a cryptographic Decentralized ledger-keeping system that solves a problem of Trust, because with Blockchain there is no single entity that manage (storage) of data and a Blockchain is Immutable.

​​ blocklist

A blocklist is a list of items (usually websites, IP addresses, email addresses, etc.) that are prevented from accessing a system.

Related terms: allowlist

​​ Branching Model

​​ Brute Force Attack

A Brute Force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly, in order to gain illegal access to confidential data.

​​ CAA Record

Certification Authority Authorization (CAA) record declares which CA’s are allowed to issue an SSL certificate for a domain.

Related terms: Certificate Authority
Relevant links: CAA FAQ Open external link

​​ Caching

The art of remembering answers to questions for a period of time, so that if the same question is asked within that time frame, the answer can be provided without hitting the Back End. This concept is quite often used to increase performance, for example with Web Services or Database access.

​​ CAPEX

CAPEX describes the expenses for building infrastructure. OPEX describes the expenses for operating it.

​​ CDN

A Content Delivery Network (CDN) is a geographically distributed group of servers which work together to provide fast delivery of Internet content.

​​ certificate

SSL certificates enable encryption over HTTPS for traffic between a client and a website. SSL certificates contain the website’s public key and the website’s identity along with related information. Devices attempting to communicate with the origin web server reference the SSL certificate to obtain the public key and verify the server’s identity. Safe Health provides a Universal SSL certificate for each active Safe Health domain.

Related terms: SSL certificate, CAA Record, Certificate Authority, EV Certificate, intermediate certificate, primary certificate, root certificate.

Relevant links: Cloudflare SSL documentation

​​ Certificate Authority (CA)

A CA is a trusted third party that provides SSL certificates for encrypting network traffic.

​​ certificate packs

Certificate packs allow Safe Health to fallback to a different SSL certificate for browsers that do not support the latest standards. Certificate packs allow Custom SSL certificates to contain different signature algorithms for the same hostnames listed within the SSL certificate without taking up additional Custom SSL certificate quota for your Safe Health account.

Relevant links: Managing Custom SSL certificates Open external link

​​ certificate pinning

Certificate pinning is a security mechanism used to prevent on-path attacks on the Internet by hardcoding information about the certificate that the application expects to receive. If the wrong certificate is received, even if it is trusted by the system, the application will refuse to connect.

​​ CIDR Block

Classless Inter-Domain Routing is a method for allocating IP Addresses and routing. Its goal was to reduce the size of routing tables across the internet, and to slow down the exhaustion of IPv4 addresses. A CIDR Block specifies a subnet.

​​ cipher suite

A set of encryption algorithms for establishing a secure communications connection. There are several cipher suites in wide use, and a client and server agree on the cipher suite to use when establishing the TLS connection. Support of multiple cipher suites allows compatibility across various clients.

Relevant links: cipher suites documentation

​​ CLI

​​ cloud

A network of remote servers used to store and maintain data.

​​ Code Generation

​​ Complexity

​​ Compression

​​ Concurrent

​​ Control Plane

​​ Cost

​​ credit

An amount applied to a specific Safe Health account as credit for recurring subscriptions or plan payments. The Safe Health billing system automatically applies credits in the next billing cycle.

​​ CRUD

​​ CSP

A CSP is a Cloud Service Provider. The biggest ones are AWS, Azure, and GCP.

​​ Current State

The Current State describes what something looks like now, not what it is supposed to look like (that would be the Desired State). By comparing the Current State and the Desired State one can identify actions to take to make the Current State identical to the Desired State.

​​ daemon

A program that performs tasks without active management or maintenance.

​​ data center

A physical location where servers run and where other IT operations are hosted.

​​ Data Graph

​​ Database

​​ Database Index

​​ DDoS attack

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Related terms: [DoS attack](/fundamentals/glossary/#dos-attack
Relevant links: What is a DDoS attack? Open external link

​​ Dead Letter Queue

A Dead Letter Queue is a Design Pattern where one moves messages to a dedicated Queue called “the Dead Letter Queue” if the message meets one or more Exception criteria.

​​ Debugging

​​ Dependency Hell

​​ Design Pattern

A common solution to a common Software problem. Its opposite is an Anti-Pattern.

​​ Desired State

In the context of Infrastructure as Code a Desired State is a declaration of what an infrastructure should look like.

​​ Development Environment

​​ Dictionary Attack

A Dictionary Attack is an attack to defeat a cipher or Authentication Mechanism by trying to determine its Decryption key or Password, sometimes trying thousands or millions of likely possibilities, often obtained from lists of past security breaches. The intent is to gain illegal access to confidential data.

​​ Disaster

A catastrophic event that results in long downtime (days or even weeks).

Related terms: Failure

​​ Disaster Recovery

Disaster Recovery is the process of maintaining or reestablishing vital infrastructure and systems following a natural or human-induced Disaster, such as a storm or a battle.

​​ Distributed Computing

​​ DNS

The Domain Name System (DNS) is the phonebook of the Internet. DNS translates domain names to IP addresses.

Relevant links: Learn about DNS Open external link

​​ DNS filtering

DNS filtering is the process of using the Domain Name System to block malicious websites and filter out harmful or inappropriate content. This ensures that company data remains secure and allows companies to have control over what their employees can access on company-managed networks. DNS filtering is often part of a larger access control strategy.

Relevant links: What is DNS filtering? Open external link

​​ DNS record

DNS records are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain.

Related terms: DNS Relevant links: Learning Center guide on DNS records Open external link

​​ DNS server

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2001:db8::1:1:1:1 (in IPv6).

Related terms: DNS

​​ DNS zone

A portion of the DNS namespace that is managed by a specific organization or administrator.

Related terms: DNS

​​ DoS attack

A Denial of Service (DoS) happens when one client sends more requests than a system can handle, which also impacts other clients. A DoS can be an attack, but it doesn’t have to be.

Related terms: DDoS attack

​​ DTAP

​​ Duplicate Detection

For the scenarios where Idempotence is not possible, but processing each request must be guaranteed nevertheless, one should implement Duplicate Detection to prevent requests being processed more than once if they are received more than once.

​​ dynamic content

Dynamic content is website content that has to be fetched from the origin server, because the content has a time dependency.

Related terms: static content

​​ ElasticSearch

​​ ELK Stack

​​ Encryption

Encryption is the process of encoding information in an unreadable format. It can also be done in a way that only the intended recipient can decrypt the information.

​​ Encryption Key

An Encryption Key can be used to Encrypt and Decrypt data. Depending on whether Encryption is Symmetric or Asymmetric the Encryption Key would consist of one or two keys, respectively.

​​ Endpoint Validation

Endpoint Validation is the process to assert that the endpoint of a communication is the intended recipient and not a hostile recipient pretending to be the intended one.

​​ Envelope Encryption

Envelope Encryption is similar to PFS, but then for storing data (as opposed to transmitting data).

​​ Error Correction

​​ Error Detection

Error Detection is the detection of errors caused by noise that exists in systems. In the narrow sense of the word Error Detection relates to transmission of data.

​​ ESB

An Enterprise Service Bus (ESB) is a specific type of Event Plane that is founded on the concepts of Queues, Topics, and Bridges.

​​ EV Certificate

Extended Validation (EV) certificates provide maximum trust to visitors, but require the most validation effort by the CA. EV certificates show the name of the company or organization in the address bar of the visitor’s browser. An EV certificate requires additional documentation by the company or organization in order for the CA to approve the certificate.

​​ Event Monitoring

​​ Event Plane

​​ Exactly Once

This MDP pattern provides Guaranteed Delivery, but it also prevents sending (or receiving) duplicates. It is very hard to implement. Perhaps it’s better to find a way to make the system Idempotent and use At Least Once instead.

​​ Exception Handling

Sometimes when running code things happen that were not expected, i.e. when an object is expected to exist but doesn’t, or when a response is expected within a certain amount of time, but isn’t. The art to prevent Applications from crashing in these cases, is called Exception Handling.

​​ Exponential Backoff

Exponential Backoff is an algorithm that uses feedback to multiplicatively decrease the rate of some process, in order to gradually find an acceptable rate. It is also applied to Retry Mechanisms.

​​ Failure

An event where a component becomes unavailable. Typically this does not result in loss, and minor actions are required to continue business, like restarting a server.

​​ feature

A feature is a setting in the Safe Health dashboard that corresponds to functionality within a Safe Health product or API.

​​ FIPS

Contains security functional and non-functional requirements that Health Care applications must adhere to.

​​ firewall

A firewall is a security system that monitors and controls network traffic based on a set of security rules.

​​ FQDN

Fully Qualified Domain Name, a Domain Name that can be resolved both from within a Local Area Network an from the Internet.

​​ Freemium

Freemium is a contraction of the words “Free” and “Premium”. It is a pricing strategy by which a basic product or service is provided free of charge, but money (a premium) is changed for additional services, or virtual or physical goods that expand the functionality of the free version.

​​ Freeware

Some software products are “free” to use. Not everything that is Freeware is also Open Source. Not everything that is Freeware is actually free.

​​ GCP

Google has its own implementation of the Cloud, which is called the Google Cloud Platform.

​​ Geo-Redundancy

The act of storing data in multiple physical locations, so that in case of a Failure or Disaster in one geographical region the data can still be retrieved from another location.

​​ Get Parameters

​​ Grafana

​​ Graph Database

​​ Guaranteed Delivery

​​ Happy Path

​​ Hashing

Hashing is an algorithm that can be used to calculate a number from a stream of data. If one would change even one bit, the algorithm would produce a different number. Another way to look at it is that Hashing is the ability to generate a fingerprint that is unique for every unique piece of data.

​​ High Availability

​​ HIPAA

HIPAA is the “Health Insurance Portability and Accountability Act”, which imposes a lot of Requirements on the Health Care industry.

​​ HIPAA Requirements

​​ Hostile Network

A Hostile Network is any Network where you have no control on who is using it and who can see information you’re transmitting. The most well known example is the internet.

​​ hostname

A hostname is the name given to a server or node on a network. In most cases, the hostname is the public DNS name of a server.

​​ HTTP 429

HTTP 429 “Too many requests” is an HTTP Return code that can be returned by a service if it doesn’t have enough resources to fulfill this request, or if a Rate Limit has been imposed on the consumer, which has been exceeded. An HTTP 429 may be an indication that a DoS Attack is in progress.

​​ HTTP Method

​​ HTTP request

An HTTP request is the way Internet communications platforms such as web browsers ask for the information they need to load a website.

Relevant links: What is HTTP? Open external link

​​ HTTP Return Code

When a HTTP Request is processed by a Web Application, a number of things can happen while processing the request. Depending on what happens, the Web Application will return a different HTTP Code.

​​ HTTP-200

HTTP-200, a.k.a. “HTTP-OK”, indicates that the request was processed successfully.

​​ HTTP-404

HTTP 404 “Not found” means that the resource that is indicated with the URI cannot be found.

​​ IaaS

Provides base infrastructure (VMs, Storage, Network), but the end-user must configure and manage it, and deploy Applications on it.

​​ IAM

Identity and Access Management (IAM) is a framework of policies and technologies to ensure that the right users (that are part of the ecosystem connected to or within an enterprise) have the appropriate access to technology resources.

​​ Idempotence

Idempotence is the property of certain operations in mathematics and computer science whereby those operations can be applied multiple times, without changing the result.

​​ IDP

An identity provider (IdP or IDP) stores and manages users’ digital identities. Think of an IdP as being like a guest list, but for digital and cloud-hosted applications instead of an event. An IdP may check user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another service provider (like an SSO) checks.

​​ Immutable

​​ Impact

In Risk Assessment Impact is the negative effect of a Failure or Disaster.

​​ Incident

​​ Index-free Adjacency

Index-free Adjacency is a key element of Graph Technology, referring to how it stores and queries Data Graphs.

​​ Infrastructure as Code

Infrastructure as Code is the process of managing and provisioning computer Data Centers through machine-readable declaration files, rather than physical hardware configuration or interactive configuration.

​​ Integrity

Data Integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire life-cycle.

​​ Intermediate Certificates

For security purposes, CAs issue intermediate certificates for signing website certificates. Intermediate certificates provide a means for the CA to revoke a single intermediate certificate, thus affecting only a small subset of website certificates.

​​ internet

The Internet is a global system of computer networks that provides a wide range of information and communication facilities.

​​ IP address

IP stands for Internet Protocol, which is the set of rules that makes it possible for devices to communicate over the Internet. With billions of people accessing the Internet every day, unique identifiers are necessary to keep track of who is doing what. The Internet Protocol solves this by assigning IP numbers to every device accessing the Internet. Every assigned number is an IP address.

​​ Key Ring

A Key Ring is a collection of Encryption Keys that can be used to Decrypt data using Envelope Encryption.

​​ Kibana

​​ Kubernetes

Kubernetes is Google’s Container Runtime and Orchestration Engine. It can run Docker Images and images that are created using other means.

​​ Labeled Property Graph

​​ Latency

A.k.a. “Delay”. The time it takes for a request to result in a response. Latency is an important Metric for measuring Performance.

​​ LCM

​​ Least Privilege

​​ Log Level

​​ log4j

​​ LogStash

​​ Machine Learning

​​ Man in the Middle attack

A Man in the Middle Attack is a cyberattack where the attacker secretly relays communication between two parties, where he is listening in on the communication or altering it.

​​ MDP

A Message Delivery Pattern (MDP) describes how reliable message delivery should be. Less reliable generally implies “faster” and “cheaper”. More reliable generally implies “slower” and “expensive” (both in terms of CAPEX and OPEX).

​​ Mediation

​​ member or user

A member or user is an email account in Safe Health that you can grant access to your organization account. Members belonging to multiple accounts can select which account to manage via the Safe Health dashboard.

Related terms: account

​​ MEP

An Message Exchange Pattern (MEP) is an Architecture Design Pattern which describes how two different parts of an Application, or different systems connect and communicate with each other.

​​ Message ID

A Message ID is a unique number that Applications should assign to a message that it sends to another Application.

​​ Message Protocol

​​ Messaging

​​ Metering

​​ Metric

A Metric is a system or standard of measurement. They can be used for Metric Monitoring.

​​ Metric Monitoring

Metric Monitoring uses Metrics to determine if the system is still running within normal parameters.

​​ Middleware Layer

​​ Monitoring

​​ Monitoring Maturity Level

​​ Monitoring System

​​ mTLS

Mutual TLS (mTLS) is a common security practice that uses client TLS certificates to provide an additional layer of protection, allowing to cryptographically verify the client information.

Related terms: TLS
Relevant links: Enable mTLS

​​ MTTR

​​ Nines

​​ NIST

NIST is an agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness. Being founded in 1901 makes it more than 120 years old today.

​​ OAuth

OAuth is a technical standard for authorizing users. It is a protocol for passing authorization from one service to another without sharing the actual user credentials, such as a username and password. With OAuth, a user can sign in on one platform and then be authorized to perform actions and view data on another platform.

​​ One-to-Many

​​ Open Source

​​ OPEX

CAPEX describes the expenses for building infrastructure. OPEX describes the expenses for operating it.

​​ OTP

OTP stands for one-time-password, which is a temporary verification code usually transmitted via SMS or email. OTPs remain active within a short period. The user will have to request another OTP if they are unable to use it within the set time frame.

​​ OV Certificate

Organization Validated (OV) certificates are used by corporations or governments to portray an extra layer of confidence for their visitors. Rather than just validating domain ownership, the CA also validates the company’s registration using qualified independent information sources. The organization’s name is listed in the certificate.

​​ Password Manager

A Password Manager is a computer program or Cloud service that allows users to store, generate, and manage their passwords.

​​ Performance

Performance is a vague term that describes how fast a system is, but it can be expressed with concrete Metrics.

​​ Performance Monitoring

​​ Performance Testing

​​ PFS

Perfect Forward Secrecy (PFS) combines Symmetric Encryption and Asymmetric Encryption in a way that makes it both Secure and Cheap. PFS is applied in various Transport Protocols and Message Protocols like HTTPS and SOAP.

​​ PHI

​​ PII

​​ Point-to-Point

Point-to-Point is an MEP where the publisher of a message is programmed to send the message to specific receivers.

​​ Private Key

A Private Key is an asymmetric encryption key that Must be kept private.

​​ Production Environment

​​ protobuf

Protocol for describing messages and services.

​​ protocol

A protocol is a set of rules governing the exchange or transmission of data between devices.

​​ Public Key

A Public Key is an Assymmetric Encryption Key that can be freely distributed.

​​ Publish-Subscribe

Publish-Subscribe is a MEP where publishers of messages are not programmed to send those messages to specific receivers. Instead, the message is published to a “channel” and zero or more receivers could subscribe to that “channel” and receive a copy of that message. If there are no subscribers, the message gets lost without anyone having seen it.

​​ Pull Request

​​ Query

​​ Queue

A Queue is a channel where messages are received. Multiple Applications can listen to that channel, but only one of them will receive the message. If nothing is listening, the messages on the channel will be persisted, until something starts listening to the channel.

​​ Race Condition

A Race Condition is one where a system’s substantive behavior is dependent on the sequence or timing of other controllable events. It becomes a bug when one or more of those behaviors is undesirable.

​​ Racetrack Problem

​​ Rate Limiting

Rate Limiting prevents the scenario where one client sends too many requests, which starves the requests of other clients.

​​ RBAC

RBAC is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control or discretionary access control.

​​ Region

CSPs have Data Centers at various locations across the globe. Those various locations are called Regions.

​​ Reliability

​​ Request-Response

With Request-Response a message is sent from one component to another with the expectation to receive a response, because the response is required for further processing. Request-Response is an MEP.

​​ REST API

A REST API is a Web Application that can return data and execute actions on data.

​​ Retention

​​ Retry Mechanism

A Retry Mechanism is a mechanism that monitors a request, and on the detection of a Failure automatically fires a repeat of the request.

​​ Risk

​​ Risk Assessment

​​ roles

A Role authorizes which Safe Health products and features a member is allowed to access in a Safe Health account. Learn more about roles Open external link .

​​ root certificate

A root certificate is generated by a CA and is used to sign certificates. Every browser includes a root store of trusted root certificates. Any certificate signed with the private key of a root certificate is automatically trusted by a browser.

​​ RPO

​​ RTO

​​ S3

AWS Simple Storage Service (AWS S3). Files are stored in Buckets, which can have Folders which can have Files.

​​ SAN

The Subject Alternative Name (SAN) field of an SSL certificate specifies additional host names (sites, IP addresses, common names, subdomains, root domains, etc.) protected by a single SSL Certificate.

​​ Sequential

​​ Service Mesh

A Service Mesh is a dedicated infrastructure layer that you can add to your Applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code.

​​ service token

Service tokens consist of an ID and Secret generated by Safe Health Access that can be used by an automated system or application to reach an application protected by Safe Health Access. Service tokens allow systems to authenticate without identity provider credentials in an automated way.

​​ Single Point of Failure

A Single Point of Failure is a part of a system that, if it fails, will stop the entire system from working. SPOFs are undesirable in any system with a goal of High Availability or reliability, be it a business practice, software application, or other industrial system.

​​ SLA

An Service Level Agreement (SLA) is a contractual obligation for Safe Health to maintain a specific level of service. Read the Service Level Agreement (SLA) for the Safe Health Business plan Open external link . Enterprise customers refer to the Enterprise SLA provided by their Subscription Agreement.

​​ SNI

Server Name Indication (SNI) allows a server to host multiple TLS Certificates for multiple websites using a single IP address. SNI adds the website hostname in the TLS handshake to inform the server which website to present when using shared IPs. Safe Health uses SNI for all Universal SSL certificates.

​​ SOAP

Simple Object Access Protocol. But it’s not simple. It allows for describing services, similar to Swagger, but then in XML. It is described in a WSDL.

​​ Social Engineering

In the context of IT Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. It may also be defined as “any act that influences a person to take an action that may or may not be in their best interests”.

​​ Software License

​​ SQS

AWS SQS is AWS’ Queue Service. This service allows for sending and receiving messages over a Queue.

​​ SSO

Single Sign-On (SSO) is an Authentication scheme that allows a User to login with a single ID to any of several related, yet independent, software systems.

​​ State Monitoring

​​ static content

Static content is website content that can be delivered to an end user directly from cache, without hitting the origin server.

Related terms: dynamic content

​​ Streaming

​​ Stress Testing

​​ Suicide Mechanism

​​ Symmetric Encryption

A cryptographic algorithm to Encrypt data using a key, where the data can be Decrypted using the same key. The most commonly used algorithm is AES256.

​​ Terraform

Terraform Open external link is a tool for building, changing, and versioning infrastructure, and provides components and documentation for building Safe Health resources.

​​ Test Environment

​​ Throttling

​​ Throughput

​​ Time Critical

​​ Topic

A Topic is a channel where Notifications are sent to. Everything that is listening to that channel receives a copy of the message. If nothing is listening to the channel, then the message gets lost.

​​ Topic-to-Queue Bridge

​​ TPM Chip

A TPM Chip is Hardware that is common in most mobile Phones, Tablets, Laptops, and Desktops. It applies Cryptography to provide Secure authentication using other (and better) mechanisms than a username / password combination (which requires the credentials to be transported over a Hostile Network, which is inherently Insecure.

​​ Tracing

Tracing is a form of Monitoring where messages or events are tracked throughout the system. At every step it is recorded how long that step took.

​​ Transport Protocol

​​ TTL

Time to Live, a timespan after creation of data, after which the data is no longer valid or relevant.

​​ usage-based billing

Within subscriptions, certain products are charged based on usage. This is referred to as usage-based billing. The bill can vary month by month based on usage. This is in contrast to monthly flat fees such as for plans Open external link or additional Page Rules Open external link .

​​ User Error

A User Error is an error made by the human User of a complex system, usually a computer system. Also known as PEBMAC, ID-10-T, PICNIC, or IBM Error. One should replace the User and try again.

​​ User Experience

​​ Vaporware

Vaporware is a product, typically Hardware or Software, that is announced to the general public, but is late or never actually released. They are solutions that look good on paper, but in the end are empty promises, because it is simply too good to be true.

​​ VPN

A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

​​ WAF

A web application firewall (WAF) is a security system that helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

​​ WYSIWYG

​​ XSS

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

​​ Zero Trust Architecture

An IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. No single specific technology is associated with zero trust architecture; it is a holistic approach to network security that incorporates several different principles and technologies.

Related Terms: ZTNA

​​ ZTNA

Zero-Trust Network Architecture. ZTNA is like ZTA, but then specific to networks.