Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

Azure ACR Image Signing with Notation Policy

Azure Container Registry plus Notation gives you signing, trust policy, and AKS enforcement without bolting on Sigstore. Here is how the pieces actually fit together.

Feb 10, 20267 min read
Cloud Security

How to set up AWS Organizations Service Control Policies

A practical, command-by-command guide to AWS Organizations SCP setup — from enabling policy types to real guardrail examples, rollout, and troubleshooting.

Feb 8, 20268 min read
Cloud Security

How to implement least privilege for GCP service accounts

A step-by-step guide to auditing, scoping, and enforcing least privilege service accounts GCP-wide — including key rotation and IAM audit workflows.

Feb 7, 20267 min read
Cloud Security

How to set up cloud security posture management (CSPM)

A practical, step-by-step guide to setting up cloud security posture management: inventory, tool selection, policy tuning, alerting, remediation, and verification.

Feb 7, 20267 min read
Cloud Security

How to configure network ACLs in AWS VPC

A step-by-step guide to configure AWS NACLs correctly — creating rules, associating subnets, and verifying traffic — for real defense-in-depth in your VPC.

Feb 7, 20267 min read
Cloud Security

AWS ECR Signing Policies with Notation

ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.

Feb 5, 20267 min read
Cloud Security

IBM Cloud Code Engine: A Supply Chain Defender's Walkthrough

Code Engine abstracts away Kubernetes for Knative-style serverless workloads on IBM Cloud. The supply chain story is different from what most defenders bring from AWS or GCP.

Feb 4, 20268 min read
Cloud Security

Wiz vs Prisma Cloud in 2026

Two CNAPPs at the top of every shortlist, and they are not interchangeable. A detailed look at agentless coverage, runtime depth, pricing pressure, and deployment realities.

Feb 4, 20266 min read
Cloud Security

GCP Cloud Build + Workload Identity Federation

Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.

Feb 1, 20267 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
Cloud Security

What is Drift Detection

Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.

Jan 31, 20267 min read
Cloud Security

What is Posture Management

Security posture management explained: what it covers, how it differs from vulnerability management, and why misconfiguration still drives most cloud breaches.

Jan 31, 20267 min read
Cloud Security (Page 12) — Supply Chain Security Blog | Safeguard