Cloud Security
In-depth guides and analysis on cloud security from the Safeguard engineering team.
237 articles
Building a Multi-Cloud Security Strategy That Actually Scales
A practical framework for securing AWS, Azure, and GCP together — the pillars, the provider differences that trip teams up, and how to unify controls with policy-as-code.
AWS Lambda Security: A Deep Dive Into the Function Attack Surface
An attack-surface walkthrough of AWS Lambda security — execution roles, resource-based policies, environment-variable secrets, function URLs, and dependency layers — with IAM policy and CLI examples.
The Biggest Cloud Security Challenges in 2026 (and How to Solve Them)
The seven cloud security challenges that consistently trip up engineering teams in 2026 — misconfiguration, identity sprawl, supply chain risk, drift — with pragmatic solutions.
Serverless Security Best Practices: Securing the Function Lifecycle
A lifecycle approach to serverless security across AWS Lambda, Azure Functions, and Cloud Functions — covering the build, deploy, invoke, and runtime phases with IAM, dependency, and event-injection controls.
AWS Security Best Practices for 2026
A practical, code-backed walkthrough of the AWS security controls that actually reduce breach risk in 2026 — identity, data, network, and infrastructure-as-code.
Azure Security Best Practices for 2026
A practical Azure hardening guide covering Entra ID identity, Azure Policy guardrails, network isolation, Key Vault secrets, and Defender for Cloud — with Terraform and az CLI examples.
GCP Security Best Practices for 2026
A hands-on Google Cloud hardening guide: resource hierarchy and Organization Policy, least-privilege IAM, VPC Service Controls, CMEK, and Security Command Center — with Terraform and gcloud examples.
Code-to-cloud security (CNAPP-style end-to-end protection)
Checkmarx scans code and pipelines well, but stops short of live cloud context. Here is what code-to-cloud security actually requires, with real breach examples.
Container security for Kubernetes and Docker
A practical glossary breakdown of container security for Kubernetes and Docker: the real risks, key benchmarks, and where code-scanning tools like Checkmarx fall short.
Container registries explained: Docker Hub vs private/ent...
Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.
When Configuration Is the Vulnerability: Microsoft's May 2026 Look at Exposed AI Apps on Kubernetes
Microsoft's May 14, 2026 research found AI frameworks shipping Helm charts that expose web UIs on internet-facing LoadBalancers with no authentication and cluster-admin service accounts. Mage AI on port 6789 was the headline, but it was far from alone.
Cloudflare Workers, KV, and Durable Objects: the supply chain view in 2026
Worker bundle composition, wrangler publish trust, and the deploy-from-CI credential blast radius are the supply chain shape of Cloudflare in 2026.