Safeguard
Cloud Security

Secure-by-design principles for cloud architecture: prevention over detection

The 2019 Capital One breach hit 700+ S3 buckets through one SSRF call. Secure-by-design architecture stops that path before it exists.

Safeguard Research Team
Research
7 min read

On March 22, 2019, a former AWS employee named Paige Thompson exploited a misconfigured web application firewall in front of a Capital One workload to issue a server-side request forgery (SSRF) call against the AWS Instance Metadata Service (IMDS). That call returned temporary credentials for an IAM role with far more S3 access than the application needed, and over the following day she used those credentials to pull data from more than 700 S3 buckets — roughly 106 million customer records. Capital One learned of the breach on July 19, 2019 and disclosed it publicly ten days later, on July 29, 2019, and it became the reference case for a hard truth: no amount of monitoring after that IMDS call would have mattered, because the architecture itself made the theft possible. AWS's own response was architectural, not detective — it shipped IMDSv2 later in 2019 specifically to make this SSRF-to-credential-theft pattern much harder to pull off. Verizon's 2019 Data Breach Investigations Report found misconfigured cloud storage behind 21% of that year's error-related breaches, exposing roughly 60 million records industry-wide. This post lays out the principles that stop these failures at design time, before a detection system ever gets a chance to fire.

What does "secure by design" actually mean in a cloud context?

Secure by design means a system is safe by default because of how it's built, not because a control is watching it afterward. In cloud terms, that means an IAM role can't assume more privilege than its function requires, a subnet can't route to a resource it has no reason to reach, and a workload can't launch unless it already meets policy — none of which depends on a detection rule catching the deviation later. This is the practical form of the principle of least privilege that Saltzer and Schroeder formalized in 1975: every program and user should operate with the minimum privilege necessary to complete the job. AWS, Azure, and Google Cloud each encode this as a security pillar in their Well-Architected Frameworks, and NIST 800-53 and the NIST Cybersecurity Framework both treat access control and configuration management as preventive, not corrective, functions. The distinction matters because detection has a built-in lag — someone has to notice, triage, and respond — while prevention removes the failure mode entirely.

Why did IMDSv2 matter more than any detection tool could have?

IMDSv2 mattered because it closed the exact architectural gap the Capital One attacker used, rather than adding a way to notice someone using it. IMDSv1 answered plain HTTP GET requests from anywhere on the instance, including through an SSRF-vulnerable proxy, with no session context required — which is precisely how a WAF misconfiguration became a credentials leak. IMDSv2 requires a session token obtained via a PUT request first, which most SSRF techniques can't forge, and AWS later let accounts enforce it as the only option account-wide. No CloudTrail alert, no anomaly-detection model, and no SIEM rule could have stopped the original theft once the WAF misrouted the request — the credentials were already valid AWS API keys the moment IMDS handed them over. That's the core argument for prevention over detection: a control placed before the vulnerable step removes the incident; a control placed after it only shortens how long the incident lasts.

How does zero standing privilege change what an attacker can even reach?

Zero standing privilege changes the blast radius of any single compromised credential by ensuring most roles hold no meaningful permissions until they're actively needed. In the Capital One case, the compromised role's standing S3 permissions were broad enough to list and read from buckets well outside what the specific application required — a common outcome when IAM policies are written once, attached broadly, and never revisited as the "temporary" grant they usually started as. A zero-standing-privilege model instead issues narrowly scoped, time-boxed credentials through just-in-time elevation, so a stolen token is valid for one task and expires quickly rather than sitting as a standing key to hundreds of buckets. Verizon's 2026 DBIR found that misconfigured permissions and weak credentials in cloud environments took a median of roughly eight months to fix once discovered — a gap that zero standing privilege removes by never letting the over-broad grant exist in the first place, rather than depending on someone to catch it in time.

What role does policy-as-code enforcement play in preventing misconfiguration before it ships?

Policy-as-code enforcement plays the role of a gate, not a report — it stops a non-compliant resource from being created or deployed rather than flagging it afterward. Instead of a periodic cloud security posture management (CSPM) scan that finds an over-permissive S3 bucket policy days after it went live, a policy-as-code check written in a language like AWS's Cedar, Open Policy Agent's Rego, or a CI-integrated YAML policy runs at the moment of the pull request, the Terraform plan, or the Kubernetes admission request, and blocks the change if it violates a defined rule. This mirrors CIS Benchmarks and the cloud providers' own Well-Architected security pillars, which both push controls toward "prevent by default" rather than "detect and remediate." Safeguard's own guardrail model applies this same logic to the software supply chain: policies evaluate SBOM, vulnerability, and provenance data at CI, registry, and Kubernetes admission points, and a rule like requiring SLSA level 3 provenance or blocking any image with a CISA KEV-listed CVE can BLOCK the deployment outright rather than only logging it for later review.

Why is defense-in-depth still necessary if prevention is the priority?

Defense-in-depth is still necessary because no single preventive control is guaranteed to hold, and the goal of layering is to make sure one architectural gap doesn't equal one full breach. The Capital One incident is again illustrative: the WAF misconfiguration was the entry point, but IMDS access, the IAM role's excessive S3 scope, and the absence of network-level egress restriction on that traffic each independently widened what became reachable once the first control failed. The shared responsibility model that every major cloud provider publishes exists precisely because prevention spans layers the customer controls (IAM policy, network segmentation, workload identity) and layers the provider controls (hypervisor isolation, physical security) — and a gap in one layer should not cascade into the next. Practically, this means combining least-privilege IAM, network segmentation that limits which resources can reach the metadata service or other internal endpoints, and policy-as-code gates that block risky configurations before they deploy, so that a failure in any one layer is contained rather than catastrophic.

How Safeguard Helps

Safeguard's guardrail engine is built around the same prevention-first logic this post argues for: policies are evaluated and enforced at the point a risk would otherwise become permanent — CI pipeline, container registry, and Kubernetes admission controller — rather than surfaced only in a dashboard after deployment. A rule requiring SLSA level 3 provenance, blocking unsigned containers, or denying any image carrying a KEV-listed critical CVE runs as a BLOCK decision the admission controller enforces on every pod spec, with every allow, warn, and block decision logged to a signed audit record auditors can replay. Where a policy shouldn't hard-block a build, Griffin AI can auto-remediate instead — for example, pinning a dependency to the last safe version and opening a pull request — turning a would-be detection finding into a prevented one before it ever reaches production.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.