IT & Cybersecurity Glossary

Plain-English definitions of managed IT, cybersecurity, cloud and networking terms — helping UK businesses understand the technology that runs their operations.

The world of managed IT and cybersecurity is full of acronyms and technical terms. This glossary provides straightforward definitions to help business owners and decision-makers understand the technology that protects and powers their organisations.

A
Active Directory (AD)
Microsoft's directory service used to manage users, computers and access permissions within an organisation. Active Directory stores user account information and enforces security policies across a Windows network. Most UK businesses use Active Directory (on-premises) or Azure Active Directory (cloud) to control who can access what resources.
Anti-Phishing
Technical measures and policies designed to detect and block phishing emails — fraudulent messages that impersonate legitimate senders to steal credentials or deploy malware. Anti-phishing tools in email platforms like Microsoft 365 Defender use machine learning to identify suspicious senders, spoofed domains, and malicious links before they reach user inboxes.
Azure
Microsoft's cloud computing platform, providing infrastructure (virtual machines, storage, networking), platform services (databases, app hosting) and software services. For UK businesses, Azure offers data centre regions in the UK South (London) and UK West (Cardiff), enabling data residency compliance. See also: Cloud Services.
B
Business Continuity Plan (BCP)
A documented strategy for maintaining essential business functions during and after a disruptive incident — whether a cyberattack, fire, power outage, or supplier failure. A BCP defines which functions are critical, who is responsible for recovery actions, what manual workarounds exist, and how communication will be managed. It works alongside a Disaster Recovery Plan, which focuses specifically on IT system recovery.
C
Cloud Computing
The delivery of IT resources — servers, storage, databases, software — over the internet on a pay-as-you-use basis, rather than owning and operating physical hardware. The three main cloud service models are IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Microsoft Azure, Microsoft 365, and Salesforce are all examples of cloud services used by UK businesses.
Conditional Access
A security feature in Microsoft Entra ID (formerly Azure AD) that enforces access policies based on conditions — such as user location, device compliance status, or sign-in risk level. For example, Conditional Access can require multi-factor authentication for any login from outside the office, or block access from non-managed devices. It is a key component of a Zero Trust security architecture.
Cyber Essentials
A UK government-backed cybersecurity certification scheme administered by the NCSC. It certifies that an organisation has implemented five fundamental security controls: secure configuration, access controls, software updates, malware protection, and network boundary controls. Cyber Essentials Plus adds independent technical verification. Required for some UK government contracts and increasingly requested by enterprise clients. See: Certifications.
Cybersecurity
The practice of protecting computer systems, networks, applications and data from digital attack, damage or unauthorised access. Cybersecurity encompasses technical measures (firewalls, antivirus, encryption), procedural controls (access policies, incident response plans), and human factors (staff training, phishing awareness). For UK businesses, effective cybersecurity is both a commercial necessity and, increasingly, a regulatory requirement.
D
DMARC / SPF / DKIM
Three email authentication protocols that together prevent criminals from sending emails that appear to come from your domain. SPF (Sender Policy Framework) specifies which mail servers are authorised to send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails. DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receiving mail servers what to do when SPF or DKIM checks fail — and sends reports back to domain owners. All three should be configured for any business email domain.
Disaster Recovery (DR)
The process of restoring IT systems, data and infrastructure after a disruptive event such as ransomware, hardware failure, or a natural disaster. Key DR metrics are RTO (Recovery Time Objective — how quickly systems must be restored) and RPO (Recovery Point Objective — how much data loss is acceptable). A DR plan defines the sequence of recovery actions and is only reliable if tested regularly. See: Disaster Recovery Services.
DSP Toolkit (DSPT)
The NHS Data Security and Protection Toolkit — an online self-assessment tool that NHS-connected organisations use to demonstrate they handle patient data securely and in line with national standards. Mandatory for GP practices, dental practices, NHS trusts, and any organisation with access to NHS patient data. Annual submission to NHS Digital is required to maintain access to NHS systems.
E
EDR (Endpoint Detection and Response)
A security technology that continuously monitors endpoint devices (laptops, desktops, servers) for suspicious behaviour and automatically responds to threats. Unlike traditional antivirus, which blocks known malware signatures, EDR detects novel threats through behavioural analysis — identifying suspicious processes, lateral movement, and ransomware encryption activity. Leading EDR platforms include Microsoft Defender for Endpoint and CrowdStrike Falcon.
Encryption
The process of converting data into an unreadable format that can only be decoded with the correct key. Encryption protects data both at rest (stored on a device or server) and in transit (moving across a network). AES-256 is the encryption standard used by UK government and most enterprise security frameworks. UK GDPR recommends encryption as an appropriate technical measure for protecting personal data.
F
Firewall
A network security device (hardware or software) that monitors and controls incoming and outgoing network traffic based on predefined security rules. A next-generation firewall (NGFW) goes beyond basic port/protocol filtering to inspect application-layer traffic, detect threats in encrypted traffic, and apply user- and application-aware policies. Vertex9 deploys Fortinet FortiGate NGFWs as part of its network and security solutions.
H
Helpdesk
The primary point of contact for IT support — where users report problems, request assistance, and receive guidance. A managed IT helpdesk handles incidents (something has broken) and service requests (a new user needs setting up). Helpdesk SLAs (Service Level Agreements) define response and resolution times. Vertex9's helpdesk is staffed 24/7 for critical issues.
I
ISO 27001
The international standard for Information Security Management Systems (ISMS). ISO 27001 certification demonstrates that an organisation has implemented a comprehensive, risk-based approach to managing information security — covering policies, procedures, technical controls and continual improvement. It is more comprehensive than Cyber Essentials and is often required for contracts with large enterprise or public sector clients.
Intune
Microsoft Intune is a cloud-based Mobile Device Management (MDM) and Mobile Application Management (MAM) platform. It enables organisations to enrol, configure and secure devices (Windows, macOS, iOS, Android) from a central dashboard — enforcing encryption, PIN policies, application deployment, and conditional access. Intune is included in Microsoft 365 Business Premium and E3/E5 plans.
M
Managed Service Provider (MSP)
An IT company that proactively manages a business's IT infrastructure under a subscription model. An MSP monitors systems continuously, provides a helpdesk for user support, manages security, applies updates, and handles incidents — typically for a fixed monthly fee per user or device. Vertex9 is a managed service provider specialising in cybersecurity-led IT management for UK businesses.
MFA / 2FA (Multi-Factor Authentication)
A security mechanism requiring users to provide two or more verification factors to access a system — typically something they know (password) plus something they have (authenticator app, SMS code, hardware token). MFA significantly reduces the risk of account compromise from stolen or phished credentials. It is a mandatory requirement under Cyber Essentials and a baseline expectation for any business using cloud services.
Microsoft 365 (M365)
Microsoft's cloud-based productivity and security platform, combining Office applications (Word, Excel, PowerPoint), collaboration tools (Teams, SharePoint, OneDrive), email (Exchange Online), and security capabilities (Defender, Intune, Purview). Available in multiple tiers — Business Basic, Business Standard, Business Premium, E3, E5 — with higher tiers adding advanced security and compliance features. See: Microsoft 365 Services.
MPLS (Multiprotocol Label Switching)
A private WAN connectivity technology delivered by telecommunications carriers that routes network traffic across a dedicated, managed backbone rather than the public internet. MPLS provides guaranteed bandwidth, low latency and quality of service — but at significantly higher cost than broadband alternatives. Increasingly replaced by SD-WAN for multi-site UK businesses. See: SD-WAN vs MPLS.
N
NIS2 Directive
The EU Network and Information Security Directive 2 — an EU cybersecurity regulation that expands the scope of mandatory cyber resilience requirements to a broader range of sectors and organisations. While the UK left the EU before NIS2 came into force, UK businesses in EU supply chains or with EU operations need to understand NIS2 obligations. The UK has its own NIS Regulations and is developing a Cyber Resilience Act. See: NIS2 & UK Businesses.
O
OT (Operational Technology)
Hardware and software that monitors and controls physical processes — including PLCs (Programmable Logic Controllers), SCADA systems, HMIs (Human-Machine Interfaces), and CNC machines used in manufacturing, utilities and critical infrastructure. OT systems differ fundamentally from IT systems in their real-time availability requirements, long operational lifespans, and sensitivity to software updates. The convergence of OT and IT networks creates specific cybersecurity challenges.
P
Penetration Testing (Pen Test)
An authorised simulated cyberattack on a system, network or application — conducted by security professionals to identify exploitable vulnerabilities before real attackers find them. Pen tests go beyond automated scanning by using the same techniques as real attackers. Required by some regulatory frameworks (PCI DSS, NHS DSPT for some organisations) and increasingly expected as due diligence by cyber insurers. See: Cybersecurity Services.
Phishing
A type of social engineering attack where criminals send fraudulent emails (or messages) impersonating a trusted entity — a bank, Microsoft, a colleague, or a supplier — to trick recipients into revealing credentials, clicking malicious links, or transferring money. Business email compromise (BEC) is a sophisticated phishing variant targeting financial transactions. Phishing is the most common initial access vector for ransomware and data breaches affecting UK businesses.
R
Ransomware
Malicious software that encrypts a victim's files and demands a ransom payment — typically in cryptocurrency — for the decryption key. Modern ransomware attacks also steal data before encrypting it, threatening to publish it unless the ransom is paid (double extortion). UK businesses across all sectors have been affected, with attack costs including ransom, recovery expenses, lost revenue, and regulatory consequences often totalling hundreds of thousands of pounds.
RPO (Recovery Point Objective)
The maximum acceptable amount of data loss measured in time — i.e., how far back in time recovery can go after a disaster. An RPO of 4 hours means the business accepts losing up to 4 hours of data. RPO drives backup frequency requirements: a 1-hour RPO requires backups at least every hour. See: Disaster Recovery.
RTO (Recovery Time Objective)
The maximum acceptable time to restore a system or process to operation after a disruption. An RTO of 4 hours means the business can tolerate a maximum 4-hour outage before the impact becomes unacceptable. RTOs drive infrastructure investment decisions — shorter RTOs typically require more investment in redundancy and recovery automation. See: Disaster Recovery.
S
SASE (Secure Access Service Edge)
A cloud-delivered security architecture that combines WAN capabilities (SD-WAN) with network security functions (NGFW, zero-trust network access, cloud access security broker) into a unified cloud service. SASE enables organisations to apply consistent security policies to users, devices and applications regardless of location — supporting remote working and multi-site connectivity securely. Fortinet's FortiSASE is one example of a SASE platform.
SD-WAN (Software-Defined Wide Area Network)
A technology that uses software to manage connectivity between multiple business sites, aggregating multiple internet connections (broadband, 4G/5G, leased line) and routing traffic intelligently across the best available path. SD-WAN provides improved cloud application performance, cost savings over MPLS, and built-in resilience. See: Network Support and SD-WAN vs MPLS.
SLA (Service Level Agreement)
A contractual commitment defining the level of service a provider will deliver — including response times, resolution times, uptime guarantees, and escalation procedures. For managed IT services, SLAs typically define how quickly the helpdesk will respond to different severity incidents (P1 critical, P2 major, P3 standard). Vertex9 provides 99.9% uptime SLAs on managed infrastructure services.
SOC (Security Operations Centre)
A team (or service) responsible for monitoring, detecting, analysing and responding to cybersecurity incidents on a continuous basis. A SOC uses SIEM (Security Information and Event Management) platforms to aggregate and correlate security events from across an organisation's IT environment. Many UK businesses access SOC services through their managed IT provider rather than building an internal capability.
V
VoIP (Voice over Internet Protocol)
Technology that delivers voice calls over an internet connection rather than traditional telephone lines. VoIP enables businesses to replace legacy PSTN/ISDN phone systems with cloud-based telephony — reducing call costs, enabling integration with Microsoft Teams, and future-proofing against the UK's PSTN switch-off (planned for December 2027). See: VoIP & Communications.
VPN (Virtual Private Network)
An encrypted tunnel between a user's device and a network (typically the corporate network or the internet) that secures traffic from interception. SSL VPNs enable remote workers to securely access on-premises resources. Site-to-site VPNs connect office locations securely over the internet. In a Zero Trust model, VPNs may be supplemented or replaced by ZTNA (Zero Trust Network Access) solutions.
Z
Zero Trust
A security model based on the principle of "never trust, always verify" — where no user, device or network connection is automatically trusted, regardless of whether it is inside or outside the corporate network perimeter. Zero Trust requires continuous verification of identity and device health, least-privilege access, and micro-segmentation of networks. It is the recommended security architecture for organisations with remote workers and cloud-first application environments.
