Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

How Snyk IaC identifies unencrypted storage resources acr...

Snyk IaC flags unencrypted S3 buckets, Azure Storage, and GCP disks by parsing Terraform and CloudFormation for missing encryption attributes before deployment.

Aug 31, 20258 min read
Cloud Security

Runtime Threat Detection in Cloud-Native Environments

Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.

Aug 18, 20256 min read
Cloud Security

Cloud Cyber Security: The Fundamentals Teams Skip

The cloud cyber security fundamentals teams reliably skip — identity sprawl, misconfigured storage, and compliance standards treated as a checkbox instead of a control.

Aug 14, 20255 min read
Cloud Security

Cloud-to-Code Traceability: Connecting Production Inciden...

When a production alert fires, it names an IP or image hash—rarely a commit or author. Here's why that gap exists and how to close it fast.

Jul 24, 20258 min read
Cloud Security

Cloudflare Workers KV June 12 2025 Outage: A GCP Dependency Story

A 2-hour, 28-minute Workers KV outage rolled into Access, Gateway, WARP, and Turnstile because the central store sat on GCP. Here is the dependency chain and the R2 re-architecture that followed.

Jun 16, 20257 min read
Cloud Security

Encryption Services: Managed vs Self-Hosted

Choosing between a managed key management service and a self-hosted encryption stack comes down to who you trust to hold the keys and who you trust to patch the software.

May 22, 20256 min read
Cloud Security

Cloud Application Security Best Practices

Five layers cover most of the risk in cloud apps: identity, secrets, artifact scanning, pipeline gates, and runtime guardrails. Here is how to build each one without slowing delivery.

Apr 16, 20255 min read
Cloud Security

Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem

A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.

Mar 26, 20257 min read
Cloud Security

AWS Security Breaches: Lessons Learned From Real Incidents

Most AWS security breach postmortems trace back to a small set of repeating misconfigurations — public S3 buckets, overprivileged IAM roles, exposed credentials — not novel attacks on AWS itself.

Mar 11, 20255 min read
Cloud Security

AWS Security Tools: Native Services vs Third-Party Platforms

GuardDuty, Inspector, and Security Hub cover a lot of ground — but they stop at the AWS account boundary. Here is where native AWS security tools genuinely suffice and where third-party platforms earn their cost.

Mar 11, 20256 min read
Cloud Security

Cloudflare R2 February 6, 2025 Outage: When Abuse Tooling Took Down Production

A routine phishing-URL takedown clicked the wrong button and disabled R2 globally for 59 minutes. Here is what went wrong and the two-party approval Cloudflare added afterwards.

Feb 10, 20257 min read
Cloud Security

Cloud Workload Protection Platforms in 2024: What Actually Matters

Cutting through the CWPP marketing noise to identify the capabilities that genuinely protect cloud workloads from modern threats.

Sep 20, 20247 min read
Cloud Security (Page 18) — Supply Chain Security Blog | Safeguard