Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

AWS ECR Signing Policies with Notation

ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.

Feb 5, 20267 min read
Cloud Security

Wiz vs Prisma Cloud in 2026

Two CNAPPs at the top of every shortlist, and they are not interchangeable. A detailed look at agentless coverage, runtime depth, pricing pressure, and deployment realities.

Feb 4, 20266 min read
Cloud Security

GCP Cloud Build + Workload Identity Federation

Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.

Feb 1, 20267 min read
Container Security

What is a Golden Image

A golden image is the hardened template every server and container is cloned from — powerful for consistency, dangerous when it goes stale. Here's how to secure it.

Feb 1, 20267 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
Cloud Security

What is Drift Detection

Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.

Jan 31, 20267 min read
Cloud Security

What is Posture Management

Security posture management explained: what it covers, how it differs from vulnerability management, and why misconfiguration still drives most cloud breaches.

Jan 31, 20267 min read
Application Security

What is Attack Surface Reduction

Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.

Jan 30, 20267 min read
Cloud Security

Azure DevOps Supply Chain Hardening Guide

A senior engineer's 2026 playbook for hardening Azure DevOps against the supply chain attacks that actually happen: extensions, service connections, and template injection.

Jan 27, 20267 min read
Cloud Security

What is Just-in-Time Access

Just-in-time access grants time-bound, task-scoped permissions instead of standing privileges -- here's how it works, its benefits, and how to implement it.

Jan 26, 20267 min read
Industry Analysis

State of Cloud Security Report Overview

This year's cloud security reports point to the same conclusion: detection isn't the bottleneck anymore — identity sprawl, supply chain risk, and slow remediation are.

Jan 23, 20268 min read
Cloud Security

AWS CodeBuild/CodePipeline Hardening in 2026

CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.

Jan 22, 20267 min read
cloud-security (Page 16) — Safeguard Blog