Cloud Security
In-depth guides and analysis on cloud security from the Safeguard engineering team.
237 articles
AWS IAM Identity Center Trusted Token Issuer: A Supply Chain Lens
Trusted Token Issuer support in IAM Identity Center lets workloads exchange OIDC tokens for AWS sessions without long-lived keys. Here is how that reshapes build pipeline trust.
What is Cloud Security? Ultimate guide to the modern cloud
Cloud misconfigurations and supply chain attacks now drive most breaches. Here's what cloud security actually means in 2026, and how it differs from what Wiz covers.
Cloud Security Architecture: frameworks, components, and ...
Cloud security architecture explained: the frameworks (NIST CSF 2.0, CSA CCM), core components, where Wiz's graph model stops, and how to build one in five phases.
Cloud Security Tools: a comprehensive guide to the 10 types
A breakdown of the 10 cloud security tool categories — CSPM, CNAPP, CIEM, DSPM, and more — and why supply chain security remains the gap even Wiz-style platforms leave open.
Orca vs Wiz CNAPP Deep Comparison 2026
The two pioneers of agentless cloud security have diverged in interesting ways. A technical comparison covering side-scanning depth, graph quality, and the operational differences that decide deals.
Cloud Security Assessment Tools: how to evaluate your pos...
Wiz and other CNAPPs assess your deployed cloud infrastructure — but not the software supply chain that built it. Here's how to evaluate both.
CNAPP vs. CSPM
CNAPP and CSPM answer cloud posture questions — but who verifies what's actually inside your software? A grounded look at Safeguard vs. Aqua Security's approaches.
Agentless vs. Agent-Based Security & Monitoring
Agentless vs agent-based security compared: how Aqua Security's runtime Enforcer model differs from Safeguard's pipeline-native supply chain scanning.
Cloud Detection and Response (CDR) / EDR vs. CDR
CDR catches bad behavior in running cloud workloads. Safeguard secures what gets built before it ever runs. A concrete look at how the two layers — and Aqua Security's CDR — actually differ.
Azure DevOps Personal Access Tokens in 2026: Rotation, Scoping, and Replacement
PATs remain the most common credential leak in Azure DevOps incidents. We trace the patterns that actually reduce risk and the migration paths that retire them entirely.
SSDF (Secure Software Development Framework)
NIST SP 800-218 turned SSDF into a federal procurement gate. Here is what it requires, why attestation is mandatory, and where CNAPP tools like Aqua fall short.
Software Supply Chain Attacks
Software supply chain attacks like SolarWinds, XZ Utils, and polyfill.io exploit trust, not code. Here's how they work and how Safeguard closes the provenance gap.