cloud-native-security
Safeguard articles tagged "cloud-native-security" — guides, analysis, and best practices for software supply chain and application security.
25 articles
Default-deny NetworkPolicy: closing the pod-to-pod gap in Kubernetes
Kubernetes pods allow all traffic by default, and many clusters' NetworkPolicy YAML silently does nothing because the CNI plugin never enforces it.
A practical guide to least privilege in Kubernetes RBAC
One RBAC flaw, CVE-2018-1002105 (CVSS 9.8), let any authenticated user escalate to cluster-admin — here's how to actually scope roles so that never happens again.
Defense-in-depth for a modern cloud-native application stack
Log4Shell and the XZ backdoor were caught two different ways — one by patching, one by a developer noticing 500ms of extra SSH latency. Neither alone is a strategy.
Kubernetes network policies for zero trust
Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.
Runtime security tools for Kubernetes clusters
A concrete look at Kubernetes runtime security tools — Falco, Tetragon, Tracee, eBPF, and recent CVEs — and what to check before you buy one.
Container configuration drift detection at runtime
Container images pass CI clean, but running containers drift within hours via exec sessions, sidecars, and webhooks. Here's how to detect it at runtime.
Applying least privilege IAM in cloud-native environments
Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.
API Security Posture Management, Explained
API security posture management inventories every API you actually have, then continuously checks it against the rules you meant to enforce.
The State of Cloud Native Application Security survey
New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.
Snyk Alternatives for cloud-native security teams
Comparing Snyk alternatives for cloud-native teams: how Wiz's cloud posture platform and Safeguard's supply chain security approach differ — and where each actually fits.
What is Cloud Security? Ultimate guide to the modern cloud
Cloud misconfigurations and supply chain attacks now drive most breaches. Here's what cloud security actually means in 2026, and how it differs from what Wiz covers.
Kubernetes CIS Benchmark
CIS Kubernetes Benchmark controls, common failure patterns, how Aqua Security's kube-bench fits in, and how continuous, supply-chain-aware scanning closes the gaps a point-in-time scan leaves open.