cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
AWS ECR Signing Policies with Notation
ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.
Wiz vs Prisma Cloud in 2026
Two CNAPPs at the top of every shortlist, and they are not interchangeable. A detailed look at agentless coverage, runtime depth, pricing pressure, and deployment realities.
GCP Cloud Build + Workload Identity Federation
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
What is a Golden Image
A golden image is the hardened template every server and container is cloned from — powerful for consistency, dangerous when it goes stale. Here's how to secure it.
What is Runtime Protection
Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.
What is Drift Detection
Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.
What is Posture Management
Security posture management explained: what it covers, how it differs from vulnerability management, and why misconfiguration still drives most cloud breaches.
What is Attack Surface Reduction
Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.
Azure DevOps Supply Chain Hardening Guide
A senior engineer's 2026 playbook for hardening Azure DevOps against the supply chain attacks that actually happen: extensions, service connections, and template injection.
What is Just-in-Time Access
Just-in-time access grants time-bound, task-scoped permissions instead of standing privileges -- here's how it works, its benefits, and how to implement it.
State of Cloud Security Report Overview
This year's cloud security reports point to the same conclusion: detection isn't the bottleneck anymore — identity sprawl, supply chain risk, and slow remediation are.
AWS CodeBuild/CodePipeline Hardening in 2026
CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.