diff --git a/docs/research/stakeholders/interview-notes/E03-cloudflare-webfilter-sales-rep-notes.md b/docs/research/stakeholders/interview-notes/E03-cloudflare-webfilter-sales-rep-notes.md new file mode 100644 index 0000000..2cf4534 --- /dev/null +++ b/docs/research/stakeholders/interview-notes/E03-cloudflare-webfilter-sales-rep-notes.md @@ -0,0 +1,137 @@ +# Interview Notes – E03 + +## Participant Info +| Field | Notes | +|-------|--------| +| Stakeholder type | Expert (Cloudflare Web Filter Sales) | +| Age group | Adult / Account Executive | +| Location | Queensland, Australia | +| Interview date | 9th Jan 2026 | +| Interviewer | Saloni, Sugirdha, Aishwarya | +| Consent status | Recording allowed: TBD | + +--- + +## Key Discussion Points +### Overview / Current Context +- Account executive at Cloudflare working across financial services, critical infrastructure, and schools +- Schools are the most excited industry about Cloudflare products +- Works with K-12 schools (Kindergarten to high school) +- Currently has 2 schools adopted (mentioned as being in New Zealand) +- Only private schools using it so far; government schools need whole fleet deployment +- Has 3-year-old and 6-month-old children +- Practices intentional parenting around screen time and digital devices +- Talks extensively with other parents about cybersecurity and smart devices + +### Pain Points / Frustrations +- **MDM bypass issues**: Sugirdha shared students in Singapore can bypass/disable MDM (Mobile Device Management Service - a component within the school's Device Management Application) systems on school devices + - *Note: This was a passing remark that Sugirdha heard from the kids and hasn't been verified, so credibility is uncertain* +- **Network-only filtering limitations**: Traditional filters only work on school network, not at home +- **VPN bypass**: Traditional firewalls (like Palo Alto) can be bypassed by VPNs +- **Personal device gap**: Students' personal devices don't have web filters +- **Parental tech literacy**: Parents who are not tech savvy just rely on school devices +- **Device management complexity**: Schools have existing setups with physical networks and routers +- **Divided school approaches**: Some schools only care about filtering on school network, others want comprehensive protection +- **Parenting reality vs ideal**: Ideal screen time is 1 hour, reality is 2-3 hours when both parents working +- **Phone attention guilt**: 3-year-old says "Daddy put phone in pocket" when parent is distracted + +### Current Cloudflare Web Filter Capabilities +- **Device-level deployment**: Agent installed on device itself, not just network layer +- **Works everywhere**: Filtering that works both on and off school premises, regardless of network +- **Cannot be bypassed**: VPN-proof filtering that students cannot disable +- **Remote management**: Admin can toggle settings remotely without physical access +- **Default rulesets**: 95% effective with default Cloudflare ruleset for small IT teams +- **Granular customization**: Ability to add custom rules for specific needs (e.g., Wikipedia pages) +- **Color-coded categorization**: Green (safe), Red (blocked), Yellow (uncategorized - requires approval) +- **User-friendly logs**: Made for non-techies to understand (school administrators) +- **Remote browser isolation**: Malicious content opens in remote environment, not directly on device +- **Comprehensive logging**: All student activity logged with timestamps, domains, IP addresses +- **Low stimulating content**: For young children, prefers Studio Ghibli over high-stimulation shows +- **Co-viewing**: Parent and child watching together, talking about content +- **GPS tracking**: Wants tracking device separate from smartphone for kids + +### Safety & Trust Requirements +- **UK act compliance**: Cloudflare follows UK act to hinder access to certain activities +- **Cannot be altered**: Cloud-based product that cannot be digitally altered or removed without admin access +- **Constant device checking**: Agent constantly checks device structure +- **IT admin approval**: Yellow/uncategorized sites require manual vetting before student access +- **Incident event management**: Integration with tools like Splunk for log analysis +- **Pastoral care alignment**: Christian schools use it for religious content filtering +- **Protection from external threats**: Schools get hit with phishing attacks +- **Protection from internal threats**: Malicious websites accessed by students +- **No smart devices for young kids**: Haven't incorporated smart devices for 3-year-old and 6-month-old +- **No doomscrolling**: Agreed early on not to doomscroll in front of kids +- **Active monitoring**: Try to monitor what child is watching, rarely alone + +### Opportunities / Ideas +- **Complement to MDM**: Cloudflare as extra security layer on top of existing school MDM (Mobile Device Management Service) systems +- **DNS filtering for personal devices**: When connected to school network +- **Free base version**: Parents can use Cloudflare base version for free at home +- **Sweeper management**: Comprehensive default filtering with granularity for custom rules +- **SASE integration**: Secure Access Service Edge that ingests logs and provides simpler logs for schools +- **Nokia phone + GPS tracker**: Alternative to smartphone for kids taking bus +- **Situation-based device access**: Not about age but about situation (picking up vs taking bus) +- **Delayed smartphone access**: 14-15 years old for smartphone +- **No social media under 16**: Aligns with Australian legislation +- **Resistance leads to improvement**: Parents report massive improvement when social media removed +- **Colleague tracking**: Teenage daughters tracked by parents who know where they are +- **Varied approaches in social circle**: Acknowledges diversity in parenting approaches + +--- + +## Direct Quotes +> "Schools are probably the one industry that is most excited about specific Cloudflare products" + +> "Every time it concerns kids, everyone understands the risks" + +> "Never had to convince schools of the threats and risks" + +> "We don't want them to look up things they are not supposed to" (Christian schools) + +> "We do this because we care about this" (on device management) + +> "Doesn't matter what network they are on, they cannot access certain websites" + +> "VPN cannot bypass Cloudflare" + +> "There may be some companies that can somehow remove the WARP client, but it's not easy" + +> "School nightmare is self-harm content" + +> "Daddy put phone in pocket" (3-year-old to parent) + +> "His attention is taken away by this device" (child's mindset) + +> "The doomscroll conversation happened early on" + +> "At first they would resist it, but then there has been a massive improvement since then" + + +--- + +## Technical Details +### Cloudflare Architecture +- **380 datacenters** in over 100 countries +- **Anycast network**: Every single datacenter is connected +- **Three main buckets**: CDN (Application Security), Network Connectivity & Security, Protecting Users (Internal Security) +- **WARP agent**: Freely available to download, installed on every device +- **Sweeper management rule set**: Default comprehensive filtering with granular customization +- **Remote Browser Isolation**: Malicious content opens in remote environment, Cloudflare projects to user +- **Cloud-based deployment**: On device itself, not just network layer + +### Deployment Models +- **Best scenario**: WARP agent installed on device (works everywhere) +- **DNS filtering**: Implemented in school network itself (only works on school premises) +- **Network layer**: For personal devices connected to school network +- **Device layer**: For school-issued managed devices + +### Competitors +- **Palo Alto Global Protect**: Can be bypassed by VPN, not user-friendly for schools, no own datacenters +- **Traditional MDM (Mobile Device Management Service)**: Can be bypassed/disabled by students, network-layer only + +--- + +## Potential Themes Tags +`#web-filtering` `#school-safety` `#device-management` `#vpn-bypass-prevention` `#remote-management` `#content-categorization` `#logging-monitoring` `#christian-schools` `#managed-devices` `#dns-filtering` `#mdm-complement` `#parental-controls` `#screen-time` `#co-viewing` `#doomscrolling` `#smartphone-delay` `#gps-tracking` `#social-media-ban` `#australian-legislation` `#intentional-parenting` + +--- diff --git a/docs/research/stakeholders/interview-transcripts/E03-cloudflare-webfilter-sales-rep.md b/docs/research/stakeholders/interview-transcripts/E03-cloudflare-webfilter-sales-rep.md new file mode 100644 index 0000000..9396f06 --- /dev/null +++ b/docs/research/stakeholders/interview-transcripts/E03-cloudflare-webfilter-sales-rep.md @@ -0,0 +1,261 @@ +# Interview Transcript – E03 + +## Participant Info +| Field | Notes | +|-------|--------| +| Stakeholder type | Expert (Cloudflare Web Filter Sales) | +| Age group | Adult / Account Executive | +| Location | Queensland, Australia | +| Interview date | 9th Jan 2026 | +| Interviewer | Saloni , Sugirdha, Aishwarya | +| Consent status | Recording allowed: TBD | + +# Role and Background +- Account executive at Cloudflare in Queensland — focused on sales +- Looks after customers who have already bought Cloudflare and brings in new customers +- Not industry-specific — works across financial services, critical infrastructure, and schools +- Has inherited school clients (Kindergarten to high school/12th grade) +- Schools are probably the one industry that is most excited about specific Cloudflare products + +# Cloudflare Overview +Cloudflare calls itself the "connectivity cloud" — it's the connectivity tissue between: +- Apps and on-prem services +- Users +- Domains +- Physical sites (like shopping centres) + +What Cloudflare does is connect all these different elements in a fast and secure way. + +## Three Main Buckets: +1. **CDN (Application Security)** + - Over 100 countries, 380 datacenters around the world + - **Key difference**: Anycast network — every single datacenter is connected + - Everything you're accessing is close to the endpoint (datacenters) + - Ensures content is delivered from the nearest location to the user + +2. **Network Connectivity and Security** + - Firewall service + - SDN (Software-Defined Networking) as a service + - DDoS mitigation as a service + - This is the bucket schools are most interested in + +3. **Protecting Users (Internal Security)** + - Protecting how users access critical information + - Protecting the device + - Zero Trust architecture + - AI (NEW offering) + +# Web Filter for Schools + +## Why Schools Need It +- Students with devices can connect to school WiFi and access anything on the internet +- Can be helpful: student resources, educational content +- Some schools are using Minecraft and Roblox as learning blocks (part of curriculum) +- But students could also access things parents don't want them to see: + - Racism + - Sexual content + - Hate speech + - Gambling + - Self-harm content (school nightmare scenario) + +## How Cloudflare Web Filter Works +- Install an agent on every device called **WARP** (freely available to download) +- With the agent on the device, it follows the school policies +- Cloudflare follows the UK act which ensures it hinders access to certain activities +- **Sweeper management rule set**: Default comprehensive filtering + - Has granularity to add custom rules + - If sweeper doesn't cover certain sites (e.g., specific Wikipedia pages), schools can add their own rules +- IT staff (security administrator) manages the policies +- Relatively small IT teams in schools — 95% effective can just use the default ruleset by Cloudflare +- Not sure about the experience/qualification requirements for IT administrators + +## Current Adoption +- At the moment only private schools are using it; government schools need the whole fleet +- Sales rep does have to teach the schools what threats/risks are +- **2 schools have adopted it so far** (mentioned as being in New Zealand in other notes) +- Others are in the pipeline + +### School Examples: +**Rockhampton School** (not in main city): +- They said as long as it's not on the school network, they don't care +- Only concerned about filtering on school premises + +**Other Schools**: +- Feel more responsible to do more than just school network filtering +- Want to protect students beyond school hours +- School nightmare is self-harm content + +## Network Coverage +- **Schools are divided** between two approaches: + 1. Only filtering on school network + 2. Filtering on both school devices and school network (more comprehensive) +- Traditional filtering wouldn't be effective if students use another network (e.g., home WiFi, mobile data) +- Other web filters only work on school network but at home they don't work — Cloudflare solves this +- **Cloudflare works both on and off school premises** — doesn't matter what network students are on, they cannot access certain websites +- This is because the agent is deployed on the device itself, not just the network layer + +## Bypass Prevention +- **VPN cannot bypass Cloudflare** (unlike traditional firewalls like Palo Alto) +- Schools have Palo Alto firewalls but VPN can bypass them — doesn't work with Cloudflare +- Agent constantly checks the device structure +- **Agent cannot be turned off by students** +- Only admin can remotely toggle the agent on/off +- Happens remotely — no need to physically access the device +- Cloudflare is a cloud-based product deployed on the device and cannot be digitally altered or removed unless given access (usually only IT admin has this access) +- Note: There may be some companies that can somehow remove the WARP client, but it's not easy + +# School Adoption Insights + +## Why Schools Adopt Easily +- **Never had to convince schools** — every time it concerns kids, everyone understands the risks +- There is never a question about various threats +- **External threats**: Schools get hit with phishing attacks +- **Internal threats**: Malicious websites accessed by students +- **Christian schools (private schools)**: + - Pastoral care concerns + - Religious elements — "We don't want them to look up things they are not supposed to" + - Content filtering aligns with religious values + +### Comparison to Corporate Security: +- In companies: Security teams care about sensitive business data being leaked +- In schools: Focus is entirely on protecting children from harmful content + +# Device Management: School vs Personal Devices + +## Australia Context +- Australia is moving to **managed devices** or **1-to-1 devices** in schools +- Used to be a hybrid scenario (mix of school and personal devices) +- Now going towards managed devices, at least for private schools +- Students still have their 2nd devices (personal devices) which don't have the web filter + +## DNS Filtering for Personal Devices +- Students connect to the school network and there is a network layer filter +- Personal devices can use DNS filtering if connected to school network +- **Best scenario**: Having the WARP agent installed on the device itself (works everywhere) +- **DNS filtering** is implemented in the school network itself (only works on school premises) +- VPN on personal devices doesn't have Cloudflare but may have DNS filtering +- But at home, the personal device is out of the school's reach +- Up to parents to manage +- **Could students access malicious websites from their own device? Yes, they can** (if no agent installed) +- Parents can use other tools — Cloudflare base version is free +- If parents are not tech savvy, they just rely on school device + +## Singapore Context +- In Singapore, there is an MDM (Mobile Device Management) system - from @sugirdha +- The MDM is supposed to work on the device all the time and run continuously +- But students are able to bypass/disable it on their devices +- **Cloudflare's perspective on MDM bypass**: + - Not sure exactly how students can disable it — could be the way it was deployed + - Schools already have their setups with physical networks, routers, and services + - Schools are using Cloudflare as an extra security layer + - The reason schools went with Cloudflare is the deployment method + - Cloudflare is deployed at the network layer (for DNS filtering) or on the device (WARP agent) + - If MDM is only deployed at network layer, students using private networks can bypass it +- **Cloudflare is a complement to MDM** — not a device management solution itself +- Device management is not handled by Cloudflare — "We do this because we care about this" + +## Bypass Attempts +- Someone at a company was able to bypass, but the policy is that they cannot connect to internet without WARP +- This shows that while bypass attempts may occur, the policy enforcement prevents actual internet access without the agent + +# Competitors + +## Palo Alto Global Protect +- Competes in the same space as Cloudflare +- Works in reverse: Once turned off, it's very restricted and can only access certain networks +- **Looked over by schools** — not user-friendly for schools +- They don't have their own datacenter compared to Cloudflare +- Can be bypassed by VPN (unlike Cloudflare) +- One device accessing Cloudflare vs one accessing Palo Alto — different security models + +# Content Filtering System + +## How Cloudflare Categorizes Websites +**If the filter doesn't pick something up**, websites are coded by color: +- **Green list (Whitelists)**: Safe websites that are allowed +- **Red lists**: Websites they want to block/call out +- **Yellow (Uncategorized)**: Websites that are unsure because they haven't been categorized yet + - Up to the school or IT team to set up policy for how to approach yellow sites + - Can have a policy: "There is a request to access this website" + - The student won't be able to access it until IT admin vets it + - Requires manual approval from IT administrator + +## Threat Protection +### Remote Browser Isolation +- If something is malicious, it would open in a **remote environment** +- There would be a gap between the user and the actual malicious content +- What you're actually interacting with is Cloudflare projecting the content to you +- The actual interaction goes to the datacenter, not directly to the malicious site +- **Ransomware**: Cloudflare has a protection screen that protects the user + +### Logging and Monitoring +- **All activity of students are individually logged** and flagged as risk or not +- Logs include: timestamps, domains, IP addresses, things that don't make sense +- All websites accessed by students are logged and can be called out + +### Incident Event Management +- **Incident event management tools** (e.g., Splunk) analyze the logs +- If you are a system administrator, you would be looking at these logs +- Logs made for schools in a user-friendly way (non-techies are looking at this) +- **SASE (Secure Access Service Edge)** ingests the logs and provides simpler logs for schools + +# Personal Perspective as a Parent + +## Family Context +- Has a 3-year-old and 6-month-old +- Talks a lot about this with other parents +- Discusses not just cybersecurity but also smart devices + +## Current Screen Time Practices +- **Haven't incorporated smart devices** for the kids yet +- **One-off exception**: Had to take a 15-minute flight + - 3-year-old was really unhappy + - Put on a low stimulating video to watch + - She was not interacting with it, just watching +- **No screens for the 6-month-old** +- **Any screen time is usually TV** (not tablets or phones) +- Even then, it's low stimulating shows +- **Time limit**: 1 hour max per day (ideal) +- **Reality**: Working 5 days a week (dad) and 1 day a week (mom), it moves to 2-3 hours which is not ideal +- When childcare or stranger babysits, they let them watch Studio Ghibli +- **They talk about what they are watching all the time** — active co-viewing +- **Child is rarely alone watching**: "He's not watching, just doing backflips. He has paused in front of the screen." +- Try to monitor what he's watching +- Child won't be by himself — runs off to find parents +- If watching for longer periods of time, it's with parents +- While working, child will come sit next to him, and he'll put on Studio Ghibli or trucks +- Child won't do it by himself — needs parent presence + +## Parental Digital Habits +- **The doomscroll conversation happened early on** +- They agreed early not to doomscroll in front of the kids +- **"Daddy put phone in pocket"** — something the 3-year-old says when he's on LinkedIn/texting +- Child's mindset: "His attention is taken away by this device" +- It gives a reminder to the parent to put the phone away +- He feels the guilt when the child says this + +## Future Device Plans +- **Spoke about it a couple days ago** (husband/wife conversation) +- **Pretty much the phones they're giving out won't be a smartphone** +- **It's not about the age but rather about the situation**: + - If parents are picking up from school → don't see the need for a device + - If kids are taking the bus → yes, need a device but not a smartphone + - Maybe a Nokia phone +- **When they are 14 or 15** → yes, can have a smartphone +- **But no social media under 16** (referring to Australian legislation banning social media for under 16) +- **Resistance and improvement**: "At first they would resist it, but then there has been a massive improvement since then" +- He heard from parents saying when social media is taken away — there is so much improvement in behavior + +## Alternative Solutions +- **Spoke about getting a tracker** — some sort of GPS tracking device +- Colleague has teenage daughters and they basically know where they are (using tracking) +- **Current plan**: Suitable phone for kids (Nokia) + tracking device +- At the moment, these devices usually don't have a tracker installed, so need separate GPS tracker +- **Nokia phone + GPS tracker** as an alternative to smartphone + +# Additional Questions + +## Social Norms Around Device Usage +**Question:** What do you see around you? Is this the norm around you? +- "So I have said a lot, it's varied." +- [Response indicates diversity in approaches among his social circle] diff --git a/docs/tech/glossary.md b/docs/tech/glossary.md index c811801..de11716 100644 --- a/docs/tech/glossary.md +++ b/docs/tech/glossary.md @@ -4,24 +4,75 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 1. Mobile Device Management (MDM) +## 1. Device Management Application (DMA) -**Definition:** Mobile Device Management (MDM) refers to software and policies used to remotely manage, configure, secure, and monitor devices such as smartphones and tablets. +**Definition:** A Device Management Application (DMA) is a school-mandated application installed on learning devices. It is used on school-issued devices and may also be installed on student-owned devices with parental or guardian consent. Its stated purpose is to support classroom use of devices and to safeguard students' online behaviour. + +**The DMA consists of three functional components:** + +1. **Mobile Device Management Service (MDM)**: A component within the DMA responsible for device and system management. It handles software and operating system updates, protects devices from malicious software, and applies filtering to block objectionable or non-educational internet content. + +2. **Classroom Management Service**: Used during lesson time to allow teachers to manage how students use their devices. + +3. **Usage Management Service**: Used to supervise and limit device use outside school hours (optional, decided by parents). + +**Why it matters for us:** The DMA provides comprehensive device management that spans classroom control, content filtering, and optional parental supervision outside school hours. + +**Learn more:** https://en.wikipedia.org/wiki/Mobile_device_management + +--- + +## 2. Mobile Device Management Service (MDM) + +**Definition:** Mobile Device Management (MDM) is a component within the Device Management Application (DMA) responsible for device and system management. More broadly, MDM refers to software and policies used to remotely manage, configure, secure, and monitor devices such as smartphones and tablets. **Why it matters for us:** MDM allows schools or parents to enforce screen time limits, restrict apps, filter content, apply device‑wide settings, and manage devices at scale. **Key capabilities:** +- Software and operating system updates +- Protection from malicious software +- Content filtering to block objectionable or non-educational content - App installation and blocking - Screen time enforcement -- Content filtering - Location tracking (when legally permitted) - Remote lock and wipe +**Limitations:** Traditional MDM systems can sometimes be bypassed or disabled by tech-savvy students, and may only work at the network layer. + **Learn more:** https://en.wikipedia.org/wiki/Mobile_device_management --- -## 2. Device Profile (Management Profile) +## 3. Classroom Management Service + +**Definition:** A component of the Device Management Application (DMA) used during lesson time to allow teachers to manage how students use their devices. + +**Key capabilities:** +- Real-time monitoring of student device activity +- Ability to lock/unlock student devices +- Screen sharing and broadcasting +- App and website access control during class +- Focus mode enforcement + +**Why it matters:** Enables teachers to maintain classroom control and ensure students stay on-task during lessons. + +--- + +## 4. Usage Management Service + +**Definition:** A component of the Device Management Application (DMA) used to supervise and limit device use outside school hours. This service is optional and decided by parents or guardians. + +**Key capabilities:** +- Screen time limits outside school hours +- Bedtime and downtime scheduling +- App usage monitoring and restrictions +- Parental oversight of device activity + +**Why it matters:** Extends device management beyond school hours, giving parents control over their child's device usage at home while respecting parental choice. + +--- + +## 5. Device Profile (Management Profile) **Definition:** A device profile is a configuration package — a set of rules and settings pushed to a device through an MDM system. Think of it as the "what" and "how" of device management. @@ -42,7 +93,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 3. Enrolling a Device +## 6. Enrolling a Device **Definition:** Device enrollment is the process of registering a phone or tablet into an MDM system so that profiles and policies can be applied. @@ -55,7 +106,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 4. Samsung Knox +## 7. Samsung Knox **Definition:** Samsung Knox is Samsung's enterprise‑grade security and device management platform built into Samsung devices at the hardware and OS level. @@ -82,7 +133,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 5. Managed Profile / Work Profile +## 8. Managed Profile / Work Profile **Definition:** A managed profile is a separate, isolated environment (container) on the device where managed apps and data live separately from personal apps. It creates a dual-environment setup on a single device. @@ -107,7 +158,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 6. Screen Time Management +## 9. Screen Time Management **Definition:** Screen time management refers to controlling how long and when a device or app can be used. @@ -121,7 +172,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 7. App Whitelisting and Blacklisting +## 10. App Whitelisting and Blacklisting **Whitelisting:** Only approved apps are allowed to be installed or used. @@ -131,7 +182,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 8. Content Filtering +## 11. Content Filtering **Definition:** Content filtering restricts access to inappropriate or harmful content based on categories, keywords, or ratings. @@ -144,7 +195,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 9. Location Tracking +## 12. Location Tracking **Definition:** The ability to view a device's approximate or real‑time location. @@ -154,7 +205,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 10. Accessibility & Visual Comfort Settings +## 13. Accessibility & Visual Comfort Settings **Examples:** - Reduced blue light @@ -166,7 +217,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 11. Digital Wellbeing APIs +## 14. Digital Wellbeing APIs **Definition:** Operating system APIs that provide data on app usage, screen time, and interaction patterns. @@ -174,7 +225,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 12. Data Privacy & Compliance +## 15. Data Privacy & Compliance **Key concepts:** - Data minimization @@ -190,7 +241,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 13. Role‑Based Access Control (RBAC) +## 16. Role‑Based Access Control (RBAC) **Definition:** RBAC restricts system access based on user roles. @@ -202,7 +253,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 14. Zero‑Trust Security Model +## 17. Zero‑Trust Security Model **Definition:** A security model that assumes no device or user is trusted by default. @@ -210,7 +261,7 @@ A comprehensive guide to technical concepts, platforms, and terms for the Future --- -## 15. Audit Logs and Monitoring +## 18. Audit Logs and Monitoring **Definition:** Records of actions taken on a device or system.