StormDotCom Logo
Back to The Help Desk

The Help Desk

Jargon Buster: Cloud, VPNs, Zero Trust and Other Tech Terms Explained

Tired of nodding along to tech terms you'd rather not have to ask about? No judgement here. This plain-language guide explains the words you keep hearing — no tech speak required.

Published: June 20266 min read

Every industry has its jargon, and IT has more than most. The problem is that these terms get thrown around as if everyone already knows them. Here are the ones we're asked about most often, explained the way we'd explain them to a friend.

You don't need to memorise any of this. But understanding these concepts helps you make better decisions about your business — and have more useful conversations with your IT provider.

The Cloud

“The cloud” simply means someone else’s computers, accessed over the internet. When your email or files live “in the cloud,” they’re stored in a secure data centre rather than on a machine in your office. You reach them from anywhere with an internet connection.

Everyday examples

Microsoft 365 and Google Workspace are everyday examples. Your emails, documents, and spreadsheets sit in Microsoft’s or Google’s data centres — not on a server in your storeroom — which is why you can open them on your phone, at home, or in a client’s office.

Why it matters: Cloud services reduce the need for expensive on-site hardware, simplify remote working, and shift the responsibility for server maintenance to the provider. They also mean your files survive a laptop being stolen or an office fire.

VPN

Virtual Private Network

A VPN creates a private, encrypted tunnel between your device and another network. Businesses use them so staff can safely reach office systems from home or while travelling, as if they were sitting in the office.

Why it matters on public Wi-Fi

Without a VPN, data travelling over an untrusted Wi-Fi network — a coffee shop, hotel, or airport — can potentially be intercepted. A VPN encrypts the connection so it looks like scrambled data to anyone snooping on the same network.

Why it matters: If your staff work remotely or travel, a business VPN is an important layer of protection — especially when accessing sensitive systems or client data.

MFA

Multi-Factor Authentication

MFA means proving who you are with more than just a password — usually a prompt or code on your phone as well. Even if someone steals your password, they can’t get in without that second factor.

What it looks like in practice

After entering your Microsoft 365 password, your phone shows a prompt asking “Are you trying to sign in?” You tap Approve. That second step is the MFA factor. An attacker who has your password but not your phone cannot get through.

Why it matters: Microsoft research shows MFA blocks over 99.9 % of automated account-compromise attacks. It’s one of the single most effective security steps a business can take, and it’s usually included free with existing Microsoft 365 licences.

See the Essential SME Cybersecurity Guide →

Zero Trust

An approach to security summed up as "never trust, always verify." Instead of assuming everything inside the company network is safe, a Zero Trust setup checks every user and device each time they try to access something.

Why the old approach no longer works

Traditional security assumed that once you were on the office network, you were trustworthy. Zero Trust treats every access request — even from inside the office — as potentially suspicious until it’s verified. With staff working from many locations and devices, that assumption of internal trust no longer holds.

Why it matters: Zero Trust is increasingly the recommended security model for businesses with remote workers, cloud services, or multiple devices. It suits a world where the “perimeter” of your network is no longer four walls.

Phishing

A scam where criminals send messages pretending to be someone you trust — your bank, a supplier, your boss — to trick you into clicking a malicious link, sharing a password, or making a payment.

A common scenario

A common example: an email that looks exactly like a Microsoft 365 login page asks you to "re-verify" your account. You enter your password — and you’ve just handed it to a criminal. The defence is a healthy pause: verify before you act, using a known contact method rather than the link in the email.

Why it matters: Phishing is the starting point for the majority of business email compromises and ransomware attacks. Staff awareness is the most effective defence.

How to Spot a Phishing Email Before It’s Too Late →

Ransomware

Malicious software that encrypts your files and demands payment to release them. It’s one of the most damaging threats to businesses today, and attacks don’t only target large organisations — SMEs are regularly hit.

How an attack unfolds

Ransomware typically arrives via a phishing email or an unpatched vulnerability. Once it runs, it silently encrypts files across your computer and any network drives it can reach — then displays a ransom demand. Paying does not guarantee recovery.

Why it matters: Good backups stored separately from your main systems are your most reliable defence. If ransomware can’t reach your backups, you can restore your files without paying.

Read: The Essential SME Cybersecurity Guide →
EDR

Endpoint Detection and Response

A modern step up from traditional antivirus. Rather than only checking files against a list of known threats, EDR watches how a device behaves and can step in automatically when something looks like an attack — even a brand-new one it has never seen before.

Antivirus vs EDR: the analogy

Standard antivirus looks for known bad files — like a security guard checking a list of banned faces. EDR watches behaviour — like a guard who notices that someone is acting suspiciously, even if they’re not on the list. An "endpoint" is simply any device: a laptop, desktop, or server.

Why it matters: Modern ransomware and zero-day attacks are specifically designed to bypass traditional antivirus. EDR closes that gap by detecting suspicious behaviour rather than relying on known-threat signatures.

Why Traditional Antivirus Isn’t Enough →

Backup vs Sync

Sync keeps the same files matched across your devices and the cloud (like OneDrive). Backup keeps separate, dated copies you can restore from later. They sound similar but do very different jobs.

Why the difference matters

If you accidentally delete a file, OneDrive sync will faithfully delete it everywhere — including the cloud copy. A dedicated backup would let you restore the file from a point before the deletion. Sync is about access; backup is about recovery.

Why it matters: Many businesses assume OneDrive or Google Drive is their backup. It isn’t. You need backup — not just sync — to be truly safe from accidental deletion, ransomware, and account compromise.

Read the Microsoft 365 Backup Guide →

Still not sure what something means?

There's no such thing as a silly question. If a tech term is making your head spin, get in touch — we're happy to explain it without the jargon.

Ask us anything

Quick-reference glossary

Bookmark this page and share it with your team as a handy reference whenever a tech term comes up.

The CloudFiles and services stored on remote servers, accessed via the internet.
VPNAn encrypted tunnel that lets you use the internet or reach office systems securely.
MFALogin security that requires a second factor — usually a code on your phone — beyond just a password.
Zero TrustA security approach that verifies every access request, every time — regardless of where it comes from.
PhishingA scam message designed to trick you into clicking a link, sharing a password, or making a payment.
RansomwareMalware that encrypts your files and demands payment to release them.
EDREndpoint Detection and Response — modern security software that watches device behaviour, not just known threats.
Backup vs SyncSync mirrors files across devices; backup keeps separate, restorable copies. You need both.

Frequently Asked Questions

Is 'the cloud' actually secure?

Yes — reputable cloud providers like Microsoft invest far more in physical and digital security than most businesses could afford on-site. Your data in Microsoft 365 is protected by enterprise-grade encryption, redundant data centres, and 24/7 monitoring. The main risks come not from the cloud platform itself, but from compromised accounts (which is why MFA is so important) and misconfigured settings.

Does my business need a VPN if we already use Microsoft 365?

It depends on what systems your staff need to access remotely. Microsoft 365 is already accessed securely over the internet without a VPN — it uses its own authentication and encryption. However, if your team needs to reach on-premise systems (like a file server, accounting package, or practice management software that runs in your office), a VPN is the right tool to do that securely from outside the office.

What is the difference between MFA and two-factor authentication (2FA)?

They're essentially the same thing. Two-factor authentication (2FA) is a specific form of MFA that uses exactly two factors. MFA is the broader term that covers any number of factors beyond a password. In everyday business use, MFA usually means a password plus an authenticator app prompt — which is technically 2FA. The terms are used interchangeably.

Is Zero Trust only for large enterprises?

No — the principles apply to any business, and many Zero Trust measures are built into Microsoft 365 and Azure at every licence level. Conditional access policies (requiring certain conditions before granting access), MFA, and device compliance checks are all Zero Trust in practice. You don't need to buy a separate 'Zero Trust product' to benefit from the approach.

What's the difference between ransomware and a virus?

A virus is a broad term for malicious software that replicates and spreads. Ransomware is a specific and particularly destructive type of malware whose goal is financial: it encrypts your files and demands payment for the decryption key. Not all malware is ransomware, but ransomware is currently one of the most damaging forms of malware affecting South African businesses.

OneDrive is backing up my files, isn't it?

Not in the way most people think. OneDrive syncs your files — it keeps them matched across your devices and the cloud. But sync is not the same as backup. If you delete a file, OneDrive deletes it everywhere. If ransomware encrypts your files, the encrypted versions sync to the cloud. A dedicated backup solution keeps separate, dated copies that are protected from these scenarios. Many businesses discover this distinction too late.

Quick Win

Share this page with your team. Understanding these eight terms will make security conversations more productive and help staff spot threats before they become incidents.

💡

Worth Knowing

MFA and backups together stop the two most common business disasters: account compromise and ransomware. Both are inexpensive, quick to set up, and available with most existing Microsoft 365 licences.

Want plain-English IT advice for your business?

We explain technology in a way that makes sense — no acronyms, no jargon, no pressure. Get in touch and let's have a straightforward conversation about your IT.

Get In Touch