Safeguard
Topic

Infrastructure Security

In-depth guides and analysis on infrastructure security from the Safeguard engineering team.

52 articles

Infrastructure Security

What is AWS CloudFormation Security

What is CloudFormation security? A practical breakdown of IAM least privilege, drift detection, secret scanning, and template misconfigurations that cause breaches.

Mar 12, 20266 min read
Infrastructure Security

What is Policy as Code

Policy as code turns security and compliance rules into version-controlled, testable code enforced automatically in CI/CD, admission control, and runtime.

Mar 12, 20268 min read
Infrastructure Security

What is Configuration Drift

Configuration drift silently pulls live systems away from their secure baseline — and it's behind some of the largest cloud data exposures on record.

Mar 11, 20267 min read
Infrastructure Security

What is GitOps Security

GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.

Mar 11, 20267 min read
Infrastructure Security

Public key infrastructure (PKI)

What is PKI? A precise breakdown of public key infrastructure, the PKI certificate chain, root and intermediate CAs, and how trust hierarchies can break.

Feb 27, 20267 min read
Infrastructure Security

How to harden a Linux server

A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.

Feb 13, 20268 min read
Infrastructure Security

How to scan Terraform for misconfigurations with Checkov

A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.

Feb 13, 20269 min read
Infrastructure Security

How to encrypt a Terraform state file

A step-by-step guide to encrypting a Terraform state file using an S3 backend, KMS keys, and IAM controls to keep infrastructure secrets safe.

Feb 13, 20267 min read
Infrastructure Security

Message Queue Security: Hardening Kafka, RabbitMQ, and Event Brokers

Message queues are the nervous system of modern architectures. A compromised broker can intercept, modify, or inject messages across your entire system. Here is how to lock them down.

May 25, 20245 min read
Infrastructure Security

Envoy Proxy Security Hardening for Production Deployments

Envoy powers service meshes and API gateways across the industry. Its default configuration prioritizes connectivity over security. Here is how to fix that.

Apr 12, 20244 min read
Infrastructure Security

Software Updates in Air-Gapped Environments: Security Without Connectivity

Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.

Feb 8, 20245 min read
Infrastructure Security

Puppet Forge Supply Chain Security: Trusting Your Configuration Management

Puppet modules from the Forge run with root-level access on your servers. The supply chain security of these modules deserves the same scrutiny as any dependency.

Dec 12, 20235 min read
Infrastructure Security (Page 3) — Supply Chain Security Blog | Safeguard