Belton IT Nexus

The plain-English IT and cyber security glossary

Jargon decoded for business owners and managers. Every term a New Zealand business actually meets, explained in clear language, with no acronym soup and no sales spin.

39 terms defined · 7 categories · NZ business framed · Plain English only

Technology has a language problem. The people who sell it, configure it and report on it lean on acronyms and shorthand, and the business owner on the other side of the table is left nodding along to terms that were never explained. That gap is not harmless. It makes it hard to weigh a quote, judge a risk, or know whether you are being looked after properly.

This glossary fixes that. It collects the IT and cyber security terms a New Zealand business genuinely runs into, from the MFA prompt on your phone to the framework your insurer keeps asking about, and explains each one in two or three plain sentences. No prior knowledge assumed. Where a term maps to something we do, there is a link so you can read further. Skim it, search it, or keep it open during your next IT conversation.

Category one
§01

Cyber security

Threats and defences

MFA (multi-factor authentication)

A login that asks for more than just a password, usually a code or an approval tap on your phone. The idea is simple: even if an attacker steals or guesses your password, they still cannot get in without that second factor. It is the single most effective control most businesses can turn on, and it sits at the heart of good identity and access management.

Phishing

A fake message, almost always email, designed to trick someone into handing over a password, approving a payment, or clicking a malicious link. Modern phishing is convincing and often impersonates a colleague, supplier or well-known brand. Filtering and staff awareness both matter, which is why it is the focus of layered email security.

Ransomware

Malicious software that encrypts your files and demands a payment to unlock them. A serious infection can halt an entire organisation for days and there is no guarantee paying gets your data back. Tested, isolated backups are the reliable way to recover, which is why backup and ransomware defence go hand in hand.

BEC (business email compromise)

A targeted scam where an attacker gets into, or convincingly imitates, a real email account to redirect a payment or invoice. There is often no malware involved, just a believable request to change bank details, so it slips past basic filters. Strong sign-in controls and a habit of verifying payment changes by phone are the practical defences.

Zero trust

A security approach that stops assuming anything inside your network is automatically safe. Instead, every user and device must prove who they are and that they are healthy before they reach an application or file, every time. In practice it means strong identity, device checks and least-privilege access working together rather than relying on a single perimeter.

Endpoint

Any device a person uses to do work: a laptop, desktop, phone or tablet. Endpoints are where most attacks land, because that is where people click links and open files. Keeping them patched, configured well and protected is the goal of endpoint protection.

EDR (endpoint detection and response)

Security software that watches each device for suspicious behaviour, not just known viruses, and can isolate a machine the moment something looks wrong. It is a big step up from traditional antivirus because it catches new and evasive attacks by how they act. EDR is a core part of modern endpoint protection.

MDR (managed detection and response)

EDR technology combined with real people who monitor the alerts and act on them around the clock. The tools surface threats; a security team investigates and responds so an alert at 2am does not sit unread until morning. MDR gives a business genuine 24/7 coverage without building its own security operations team, and it underpins a serious security posture.

SOC (security operations centre)

The team and tooling that monitor an organisation's systems for threats and coordinate the response when something happens. A SOC is what turns a flood of alerts into a calm, structured handling of real incidents. Most businesses access this capability through a provider rather than staffing one themselves.

SIEM (security information and event management)

A platform that gathers logs and signals from across your systems, correlates them, and raises alerts when patterns look dangerous. It is the engine that lets a security team spot an attack unfolding across email, devices and cloud services at once. SIEM is usually the data backbone behind a SOC and an MDR service.

Patch management

The ongoing discipline of applying security updates to operating systems and applications promptly and consistently. Unpatched software is one of the most common ways attackers get in, so the gap between a fix being released and installed is real exposure. Doing this reliably across a whole fleet is a standard part of managed IT.

Category two
§02

Microsoft 365 and cloud

The platform most teams run on

Microsoft 365

Microsoft's subscription bundle of the productivity tools most businesses use every day: Outlook email, Word, Excel, Teams, and the cloud storage behind them. It is sold per user per month and spans email, collaboration, security and device management depending on the plan. Getting the right licence mix and configuring it well is the job of a good Microsoft 365 setup.

Entra ID

Microsoft's cloud identity service, formerly called Azure Active Directory. It is the directory that holds your staff accounts and decides who can sign in to Microsoft 365 and connected applications. Because it is the front door to nearly everything, securing it well sits at the centre of identity and access.

Conditional access

Rules in Entra ID that decide whether a sign-in is allowed based on context: who the user is, what device they are on, where they are, and how risky the attempt looks. For example, you might block logins from outside New Zealand or require MFA on an unmanaged device. It is one of the most powerful levers for tightening access control.

SharePoint

The Microsoft 365 service that stores and shares your business files and powers team sites and intranets. It is the storage layer sitting behind Teams, so when people share a document in a Teams channel, SharePoint is usually where it actually lives. Structured well, it replaces sprawling shared drives with something searchable and properly permissioned.

Intune

Microsoft's cloud tool for managing and securing the devices your staff use, from company laptops to personal phones. It lets you push settings, enforce security policies, deploy apps and, if a device is lost, wipe the business data from it. It is how modern teams keep a mobile, hybrid workforce both productive and protected.

Autopilot

A Microsoft service that lets a brand-new Windows device set itself up automatically the first time a staff member turns it on, with your apps, settings and security already applied. No technician needs to touch the machine first, so a laptop can be shipped straight to a remote worker. It makes device refreshes, including the move off older Windows, far smoother, as covered in our Windows 10 end of support guide.

Azure

Microsoft's cloud platform for running servers, applications, databases and infrastructure without owning the physical hardware. Businesses use it to host line-of-business systems, extend their network, or move workloads out of an ageing server cupboard. Designing and running it sensibly is the focus of our Azure services.

IaaS and SaaS

Two common ways of buying technology as a service. IaaS, infrastructure as a service, means renting raw computing building blocks like servers and storage, as Azure provides. SaaS, software as a service, means using a finished application over the internet for a subscription, like Microsoft 365 or Xero. Most businesses now run on a mix of both, which is what a sound cloud strategy organises.

Category three
§03

Managed IT and support

How the service works

Managed IT

An arrangement where an external provider takes ongoing responsibility for running and supporting your technology for a predictable monthly fee, rather than charging for each call-out. It covers the help desk, monitoring, patching, security and advice as one service. The aim is fewer problems and steadier costs, which is the heart of managed IT.

RMM (remote monitoring and management)

The behind-the-scenes software a provider uses to keep an eye on your devices and servers and to maintain them remotely. It flags a failing disk or a missing update before it becomes an outage, and lets routine fixes happen without anyone visiting. It is the quiet engine that makes proactive support possible.

vCIO (virtual chief information officer)

A senior technology adviser who works with you periodically rather than as a full-time hire, helping with strategy, budgeting and planning. Where day-to-day support keeps things running, a vCIO looks ahead: roadmaps, risk, and where to invest next. This advisory layer is what our IT advisory service provides.

Co-managed IT

A model where an in-house IT person or team shares the load with an external provider, rather than handing everything over. The provider might cover after-hours support, security, or specialist projects while internal staff handle the day-to-day. It gives a growing business more capacity and cover without a string of new hires, and it is a common shape of managed IT.

SLA (service level agreement)

The written commitment that sets out what response and resolution times you can expect from your provider, and how performance is measured. It turns vague promises of good service into specific, accountable targets. A clear SLA is one of the simplest ways to judge whether a support arrangement is serious.

Remote support

Help delivered over the internet, where a technician securely connects to your device or talks you through a fix without travelling to your office. The large majority of issues are resolved this way, quickly and without disruption, with on-site visits kept for the cases that genuinely need hands on hardware. It is the backbone of responsive remote support.

Shadow IT

Technology and apps that staff adopt on their own without IT knowing, such as a free file-sharing tool or a personal cloud account used for work. It usually comes from people trying to get things done, but it creates blind spots for security and data. Bringing it into the light, then offering safe, sanctioned alternatives, is part of sensible IT governance.

Category four
§04

Networking and connectivity

How traffic moves and is protected

VPN (virtual private network)

An encrypted tunnel that lets a remote worker connect to office systems, or two sites connect to each other, securely over the public internet. It keeps the traffic private and makes a device behave as if it were on the internal network. Many businesses are now layering or replacing VPNs with zero trust access, but the term remains everywhere.

Firewall

A device or service that sits between your network and the internet and controls what traffic is allowed through. It is the first line of defence, blocking unwanted connections and inspecting traffic for threats. A well-configured, well-maintained firewall is a foundation of network security.

SD-WAN (software-defined wide area network)

A smarter way of connecting multiple sites and cloud services that uses software to route traffic over the best available link in real time. It can blend connections, fail over automatically if one drops, and prioritise important traffic like voice calls. For businesses with several locations it improves both reliability and the security of how sites connect, as part of broader network security.

Category five
§05

Compliance and frameworks

The rules and standards

Essential Eight

A practical set of eight cyber security strategies, developed by the Australian Cyber Security Centre and widely used across New Zealand, that prevent the majority of common attacks. It covers things like multi-factor authentication, patching, backups and restricting admin rights, measured across maturity levels. We cover it in depth in our Essential Eight guide.

ISO 27001

An internationally recognised standard for managing information security in a structured, auditable way. Rather than a single product, it describes a system of policies, controls and continual review that an organisation can be certified against. It is increasingly asked for in tenders and procurement, and it sits within our broader compliance work.

NZ Privacy Act 2020

New Zealand's law governing how organisations collect, use, store and protect personal information. Among other things it requires reasonable security safeguards and makes notifying serious privacy breaches mandatory. Meeting it is both a legal duty and a trust issue, and it shapes how we approach compliance for clients.

CERT NZ

New Zealand's government body for cyber security incidents, which receives reports, issues alerts about current threats, and publishes practical guidance for businesses. It is a useful, locally relevant source of warnings about scams and vulnerabilities affecting New Zealand organisations. Its advice aligns closely with the controls in our cyber standards guide.

Category six
§06

Backup and continuity

Recovering when things go wrong

3-2-1 backup

A long-standing rule of thumb for resilient backups: keep three copies of your data, on two different types of media, with one copy held offsite. The point is that no single failure, theft or disaster can wipe out every copy at once. It remains the baseline test of whether a backup arrangement is actually safe.

Immutable backup

A backup copy that cannot be altered or deleted for a set period, even by someone with admin access. This matters because modern ransomware deliberately hunts down and destroys backups before triggering. An immutable copy gives you a clean restore point an attacker cannot tamper with, and it is a key feature of a serious backup design.

RTO and RPO

Two numbers that define your recovery goals. RTO, recovery time objective, is how quickly you need to be running again after an outage. RPO, recovery point objective, is how much recent data you can afford to lose, measured in time. Setting these honestly drives how your backup and continuity plan is built.

BCDR (business continuity and disaster recovery)

The overall plan for keeping the business operating, or getting it back quickly, when something serious goes wrong, whether a cyber attack, hardware failure or flood. Business continuity is about staying running; disaster recovery is about restoring systems and data. Together they turn a potential crisis into a managed, rehearsed event rather than a scramble.

Category seven
§07

AI at work

Tools changing how teams operate

AI (artificial intelligence)

Software that can perform tasks normally needing human judgement, such as drafting text, summarising documents, answering questions or spotting patterns in data. In a business setting the value is practical: less time on routine work and faster answers, used with sensible guardrails around accuracy and privacy. Putting it to work safely is the focus of our AI services.

Copilot

Microsoft's AI assistant built into Microsoft 365, helping with drafting in Word, analysis in Excel, summaries in Teams and writing in Outlook. It works from your own documents and emails, with access governed by your existing Microsoft 365 permissions. Getting real value from it is mostly about training and good habits, which is what our Copilot learning programme delivers.

Business automation

Using technology to handle repetitive, rules-based tasks, such as moving data between systems, sending routine notifications, or processing forms, so people are freed for higher-value work. Done well it reduces errors and removes friction rather than adding complexity. Identifying and building the right automations is the aim of our business automation service.

Good to know
§08

Questions about IT terms

Answered

Because the words sit between you and good decisions. If you do not understand what is in a quote, a security report or a renewal notice, it is hard to know whether you are well protected, fairly charged or exposed. Understanding the core terms lets you ask sharper questions and judge the answers, which is exactly what this glossary is for.

Antivirus blocks known threats based on a list of signatures. EDR watches each device for suspicious behaviour and can catch new, unknown attacks by how they act. MDR adds a human security team monitoring and responding to those EDR alerts around the clock. Each is a step up in protection, and most businesses today need more than antivirus alone.

If you start anywhere, start with MFA, patching, and tested backups. Those three prevent or recover from the large majority of incidents that hit New Zealand businesses, and they line up with the first controls in the Essential Eight. From there, identity, email security and endpoint protection are the natural next layers.

Yes. Microsoft renamed Azure Active Directory to Microsoft Entra ID, but the service is the same: the cloud directory that holds your user accounts and controls sign-in to Microsoft 365 and connected apps. You will still see the old name in older documents and settings, so it is worth knowing both.

Not at all. A good provider explains things in plain language and translates the technical detail into business terms and clear choices. This glossary simply helps you follow along and ask better questions. If a term ever leaves you guessing, that is a prompt for your provider to explain it, not for you to learn it alone.
