Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

What is the Principle of Least Privilege

The principle of least privilege limits every user and system to only the access it needs. Here's how it works and why it matters for cloud security.

Mar 13, 20267 min read
Cloud Security

What is Zero Trust Security

Zero trust means never trusting a user, device, or workload by default. Here's what NIST 800-207 actually requires, why it applies to supply chains too.

Mar 13, 20266 min read
Cloud Security

Azure Confidential VM Attestation in a Supply Chain Pipeline

Confidential VMs on Azure protect workloads in use, but the attestation flow is where their value gets unlocked. We trace how to wire it into a build and deploy pipeline.

Mar 2, 20267 min read
Cloud Security

Container Runtime Security in 2026: What's Changed and What Hasn't

Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.

Mar 1, 20266 min read
Cloud Security

Cloudflare Workers: Supply Chain Threat Model

Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.

Mar 1, 20268 min read
Cloud Security

EKS Pod Identity vs IRSA: A 2026 Migration Playbook

How to migrate from IRSA to EKS Pod Identity in 2026, including the trade-offs, the operational gotchas, and the cases where IRSA still makes sense.

Feb 26, 20266 min read
Cloud Security

GCP Binary Authorization Attestation Verifier: Production Patterns

Binary Authorization in 2026 moved from breakglass-heavy gatekeeping to attestation-driven trust. We unpack how to design verifiers that scale across teams and clusters.

Feb 25, 20267 min read
Cloud Security

AWS EKS Pod Identity vs. IRSA for Supply Chain

Pod Identity and IRSA both give EKS workloads AWS identities. The supply chain implications diverge once you look past the docs.

Feb 24, 20268 min read
Cloud Security

How to rotate AWS IAM access keys

A step-by-step guide to safely rotate AWS IAM access keys with zero downtime, plus how to turn it into a lasting credential rotation policy.

Feb 21, 20267 min read
Cloud Security

How to set up AWS GuardDuty for threat detection

A step-by-step guide to enabling AWS GuardDuty across accounts and regions, routing findings to your alerting stack, and triaging results.

Feb 20, 20268 min read
Cloud Security

How to prevent public access to AWS S3 buckets

A practical walkthrough for locking down AWS S3 buckets: Block Public Access, bucket policies, encryption, and how Safeguard catches misconfigurations early.

Feb 20, 20267 min read
Cloud Security

How to implement least privilege IAM policies in AWS

A practical guide to building a least privilege IAM policy AWS teams can trust, using Access Advisor data and generator tooling to cut over-permissioning fast.

Feb 20, 20268 min read
Cloud Security (Page 10) — Supply Chain Security Blog | Safeguard