Technology Services Glossary of Key Terms

The technology services industry operates on a dense layer of specialized vocabulary that shapes contracts, procurement decisions, compliance obligations, and vendor evaluations. This page defines the core terms used across managed IT, cloud, cybersecurity, and infrastructure services. Precise terminology reduces ambiguity in service-level agreements and vendor comparisons — areas explored in depth through the technology services contracts and SLAs and technology services vendor selection resources on this site.

Definition and scope

A technology services glossary covers the standardized definitions used across IT service delivery, procurement frameworks, regulatory filings, and industry certifications. The scope spans infrastructure terminology, service model classifications, contractual constructs, and security-specific language.

The National Institute of Standards and Technology (NIST) provides foundational definitions that recur throughout technology services contexts. NIST Special Publication 800-145, for example, formally defines cloud computing and its five essential characteristics — on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These definitions carry regulatory weight in federal procurement contexts and are referenced in vendor contracts across both public and private sectors.

The scope of this glossary aligns with the categories covered across the technology services listings directory, including managed services, cloud platforms, cybersecurity, network infrastructure, and software delivery.

Key term domains covered:
1. Cloud service and deployment models (IaaS, PaaS, SaaS, public, private, hybrid)
2. Managed services and outsourcing constructs (MSP, MSSP, co-managed IT)
3. Contractual and SLA terminology (SLA, OLA, uptime tiers, RTO, RPO)
4. Security and compliance vocabulary (SIEM, SOC, zero trust, vulnerability, threat actor)
5. Infrastructure and hardware terms (hypervisor, bare metal, VLAN, edge computing)
6. Support and delivery classifications (break-fix, proactive monitoring, tiered support)

How it works

Technology services terminology functions as a classification system. Each term maps to a specific operational reality — a delivery model, a contractual obligation, a technical architecture, or a regulatory standard. Misapplying a term in a procurement document or SLA can create measurable gaps between what a vendor delivers and what an organization expects.

Cloud service model distinctions illustrate this precisely. NIST SP 800-145 defines three service models:

• IaaS (Infrastructure as a Service): The provider delivers virtualized compute, storage, and networking. The customer manages the OS upward.
• PaaS (Platform as a Service): The provider manages the underlying infrastructure and runtime environment. The customer manages applications and data.
• SaaS (Software as a Service): The provider manages the full stack. The customer configures and uses the application.

The distinction directly determines where security responsibility lies — a boundary formalized in the shared responsibility model used by major cloud providers and referenced in NIST SP 800-210.

RTO vs. RPO is a second pairing where definitional precision matters operationally. Recovery Time Objective (RTO) defines the maximum acceptable downtime after a disruption. Recovery Point Objective (RPO) defines the maximum acceptable data loss, measured in time. A business with an RPO of 4 hours must back up data at intervals no greater than 4 hours. These metrics anchor data backup and recovery services and disaster recovery as a service contracts.

Uptime tier notation follows the Uptime Institute's data center tier classification — Tier I through Tier IV — where Tier IV guarantees 99.995% availability (approximately 26.3 minutes of annual downtime). These figures appear directly in data center colocation and hosting contracts.

Common scenarios

Technology services terms appear in three primary operational contexts: vendor evaluation, contract negotiation, and compliance documentation.

Vendor evaluation: When comparing managed IT services providers, the distinction between a break-fix model and a proactive managed services model determines both pricing structure and risk allocation. Break-fix engagements bill per incident; managed services operate under a fixed monthly fee with defined service scope. The technology services pricing models page covers this distinction in detail.

Contract negotiation: SLA (Service Level Agreement) and OLA (Operational Level Agreement) are frequently conflated. An SLA governs the relationship between a service provider and a customer. An OLA governs internal commitments between teams within a single organization that support delivery of that SLA. Confusing the two in a multi-vendor environment creates accountability gaps when incidents occur.

Compliance documentation: Terms like "encryption at rest," "encryption in transit," "MFA," and "zero trust architecture" appear in frameworks including NIST SP 800-53, the HIPAA Security Rule (45 CFR Part 164), and the FTC Safeguards Rule (16 CFR Part 314). Regulatory filings require precise use of these terms; vague language in a risk assessment can trigger findings during an audit. The technology services compliance and regulation section addresses this intersection.

Decision boundaries

Understanding when a term applies — and when a related term applies instead — is a practical decision function in technology procurement.

MSP vs. MSSP: A Managed Service Provider (MSP) delivers broad IT management — help desk, patching, network monitoring, device management. A Managed Security Service Provider (MSSP) specializes in security operations, typically operating a Security Operations Center (SOC) with 24/7 threat monitoring. An organization with basic IT needs selects an MSP. An organization facing compliance mandates under frameworks like SOC 2 or HIPAA typically requires an MSSP or a hybrid engagement. Cybersecurity services are frequently delivered by MSSPs under distinct contractual terms.

Public cloud vs. private cloud vs. hybrid cloud: Per NIST SP 800-145, the deployment model selection depends on data sensitivity, regulatory environment, and cost tolerance. Regulated industries — healthcare, financial services, defense — often require private or hybrid deployments to maintain data residency and audit control.

Co-managed IT vs. full outsourcing: Co-managed IT retains an internal IT team while supplementing capacity through a provider. Full outsourcing transfers all IT responsibility to an external party. The IT outsourcing vs. in-house comparison details the cost and control tradeoffs across these models.

The boundary between cloud computing services and on-premises infrastructure is also definitional: cloud requires network-delivered services from a third-party provider; on-premises places control — and full cost burden — with the organization.

References

• NIST SP 800-145: The NIST Definition of Cloud Computing
• NIST SP 800-53 Rev 5: Security and Privacy Controls for Information Systems
• NIST SP 800-210: General Access Control Guidance for Cloud Systems
• HIPAA Security Rule — 45 CFR Part 164 (eCFR)
• FTC Safeguards Rule — 16 CFR Part 314 (eCFR)
• Uptime Institute Data Center Tier Standards