Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

Designing least-privilege custom roles with Azure RBAC

A practical guide to designing least-privilege custom roles in Azure RBAC, covering over-permissioning pitfalls, scoping, and audit strategies.

Jan 16, 20267 min read
Cloud Security

Choosing between Key Vault access policies and RBAC permi...

Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.

Jan 15, 20267 min read
Cloud Security

Best practices for using Azure Managed Identity instead o...

A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.

Jan 15, 20268 min read
Cloud Security

Configuring soft delete and purge protection for Azure Ke...

A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.

Jan 14, 20268 min read
Cloud Security

Using Privileged Identity Management for just-in-time Azu...

A practical guide to using Azure conditional access PIM for just-in-time role activation, reducing standing privileges and strengthening least-privilege access.

Jan 14, 20268 min read
Cloud Security

Preventing and detecting Azure service principal credenti...

How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.

Jan 14, 20267 min read
Container Security

Security best practices for Azure Container Apps and secr...

A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.

Jan 13, 20267 min read
Container Security

Hardening Google Kubernetes Engine clusters against attacks

A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.

Jan 13, 20267 min read
DevSecOps

Using GCP Workload Identity Federation for keyless CI/CD ...

GCP Workload Identity Federation lets CI/CD pipelines authenticate with short-lived tokens instead of service account keys. Here's how it works and how to migrate.

Jan 12, 20267 min read
Cloud Security

Automating secret rotation in Google Cloud Secret Manager

A practical guide to automating GCP Secret Manager rotation—covering versioning, Cloud Functions, Cloud Scheduler, and rotating database credentials safely.

Jan 12, 20268 min read
Cloud Security

Applying least-privilege principles to GCP IAM roles

Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.

Jan 12, 20267 min read
Cloud Security

Managing and securing GCP service account keys

A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.

Jan 11, 20268 min read
cloud-security (Page 18) — Safeguard Blog