Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

Common AWS IAM misconfigurations that lead to breaches

Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.

Jan 17, 20268 min read
Cloud Security

Best practices for rotating secrets stored in Azure Key V...

A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.

Jan 17, 20269 min read
Cloud Security

Using Azure AD Workload Identity Federation to remove sec...

How Azure Workload Identity Federation lets AKS and CI workloads swap Azure AD access tokens without ever storing a client secret—and how to migrate safely.

Jan 16, 20267 min read
Cloud Security

Designing least-privilege custom roles with Azure RBAC

A practical guide to designing least-privilege custom roles in Azure RBAC, covering over-permissioning pitfalls, scoping, and audit strategies.

Jan 16, 20267 min read
Cloud Security

GCP Artifact Registry Vulnerability Scanning: Integrating the Findings

Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.

Jan 15, 20267 min read
Cloud Security

Choosing between Key Vault access policies and RBAC permi...

Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.

Jan 15, 20267 min read
Cloud Security

Best practices for using Azure Managed Identity instead o...

A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.

Jan 15, 20268 min read
Cloud Security

Configuring soft delete and purge protection for Azure Ke...

A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.

Jan 14, 20268 min read
Cloud Security

Using Privileged Identity Management for just-in-time Azu...

A practical guide to using Azure conditional access PIM for just-in-time role activation, reducing standing privileges and strengthening least-privilege access.

Jan 14, 20268 min read
Cloud Security

Preventing and detecting Azure service principal credenti...

How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.

Jan 14, 20267 min read
Cloud Security

Automating secret rotation in Google Cloud Secret Manager

A practical guide to automating GCP Secret Manager rotation—covering versioning, Cloud Functions, Cloud Scheduler, and rotating database credentials safely.

Jan 12, 20268 min read
Cloud Security

Applying least-privilege principles to GCP IAM roles

Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.

Jan 12, 20267 min read
Cloud Security (Page 14) — Supply Chain Security Blog | Safeguard