Cloud Security
In-depth guides and analysis on cloud security from the Safeguard engineering team.
237 articles
Kubernetes 1.31 Security Improvements: What You Need to Know
Kubernetes 1.31 'Elli' shipped in August 2024 with significant security improvements including AppArmor GA support, refined pod security controls, and better secret management.
Securing ML Model Serving Infrastructure
Model serving infrastructure is a growing attack surface that most security teams overlook. From model poisoning to inference API abuse, here are the risks and how to address them.
AWS Lambda Supply Chain Risks You Are Probably Ignoring
Serverless does not mean secure. Here are the supply chain risks hiding in your Lambda functions and how to address them.
Cloud Security Posture Management: A No-Nonsense Guide
What CSPM actually does, where it falls short, and how to get real value from posture management instead of drowning in alerts.
Multi-Cloud Security Posture Management for Supply Chains
Running workloads across AWS, Azure, and GCP multiplies your attack surface. This guide covers cloud security posture management with a supply chain lens.
AWS ECR Image Scanning: A Deep Dive Into What It Catches and What It Misses
ECR offers both basic and enhanced scanning. The difference between them determines whether your container security is real or performative.
Multi-Cloud Container Security: Building a Unified Strategy
How to maintain consistent container security across AWS, Azure, and GCP without drowning in tool sprawl and fragmented visibility.
Cloud-Native Application Protection: Beyond the Buzzword
CNAPP promises unified cloud security. Here is what it actually delivers, where it falls short, and how to evaluate platforms honestly.
Google Cloud Build Supply Chain Security: From Source to Deploy
How to secure your Cloud Build pipelines with SLSA provenance, Binary Authorization, and artifact verification for end-to-end supply chain integrity.
GCP Binary Authorization: Enforcing Container Trust at Deploy Time
A practical walkthrough of Binary Authorization on GKE, from attestor setup to break-glass procedures and CI/CD integration.
Serverless Security: Supply Chain Risks in Lambda, Cloud Functions, and Azure Functions
Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.
Azure Container Registry Security: Locking Down Your Image Pipeline
How to secure Azure Container Registry with network isolation, content trust, and Microsoft Defender for Containers integration.