Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

Managing and securing GCP service account keys

A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.

Jan 11, 20268 min read
Cloud Security

What Software Delivery Shield does for end-to-end supply ...

A breakdown of what Google Cloud's Software Delivery Shield actually does — SLSA provenance, SBOM generation, Binary Authorization — and where its coverage gaps still leave supply chains exposed.

Jan 11, 20267 min read
Cloud Security

Best practices for managing encryption keys with Google C...

A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.

Jan 11, 20268 min read
Cloud Security

Using GCP organization policy constraints to enforce secu...

GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.

Jan 10, 20268 min read
Cloud Security

Using VPC Service Controls to prevent secret exfiltration...

VPC Service Controls create a hard perimeter around Secret Manager, blocking exfiltration even when credentials are compromised or IAM is misconfigured.

Jan 10, 20267 min read
Cloud Security

Designing least-privilege IAM policies in Oracle Cloud In...

How to design least-privilege OCI IAM policies: dynamic groups, compartment scoping, and the audit habits that keep permissions from silently sprawling.

Jan 8, 20267 min read
Cloud Security

Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...

A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.

Jan 6, 20268 min read
Cloud Security

Comparing confidential VM offerings across major cloud pr...

A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.

Dec 11, 20258 min read
Cloud Security

Cloudflare November 18 2025 Outage: A Bot Management Feature File Doubled in Size

A ClickHouse permissions change caused Cloudflare's Bot Management feature file to balloon past a hard-coded proxy limit, taking the core network down for two hours and ten minutes.

Nov 21, 20257 min read
Cloud Security

Best cloud workload protection platforms (CWPP)

An honest, no-hype comparison of leading cloud workload protection platforms — evaluation criteria, real vendor tradeoffs, and where supply chain security fits in.

Nov 15, 20257 min read
Cloud Security

Terraform AWS provider misconfiguration trends

Terraform's AWS misconfiguration trends in 2026: how provider v4.0 migration gaps, wildcard IAM policies, and state drift keep exposing production infrastructure.

Nov 4, 20257 min read
Cloud Security

Kubernetes ingress controller vulnerability roundup

Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.

Nov 4, 20257 min read
Cloud Security (Page 15) — Supply Chain Security Blog | Safeguard