Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

What Software Delivery Shield does for end-to-end supply ...

A breakdown of what Google Cloud's Software Delivery Shield actually does — SLSA provenance, SBOM generation, Binary Authorization — and where its coverage gaps still leave supply chains exposed.

Jan 11, 20267 min read
Cloud Security

Best practices for managing encryption keys with Google C...

A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.

Jan 11, 20268 min read
Cloud Security

Using GCP organization policy constraints to enforce secu...

GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.

Jan 10, 20268 min read
Cloud Security

Using VPC Service Controls to prevent secret exfiltration...

VPC Service Controls create a hard perimeter around Secret Manager, blocking exfiltration even when credentials are compromised or IAM is misconfigured.

Jan 10, 20267 min read
Container Security

Comparing security models of GKE Autopilot versus Standar...

GKE Autopilot security vs Standard clusters draw the shared-responsibility line very differently. Here's what changes for pod security and hardening.

Jan 9, 20267 min read
Industry Analysis

Managing secrets securely with OCI Vault

A step-by-step guide to OCI Vault secrets management: provisioning, rotation, IAM policies, pipeline integration, and best practices for securing credentials.

Jan 9, 20268 min read
Cloud Security

Designing least-privilege IAM policies in Oracle Cloud In...

How to design least-privilege OCI IAM policies: dynamic groups, compartment scoping, and the audit habits that keep permissions from silently sprawling.

Jan 8, 20267 min read
Container Security

Comparing container registry security features across maj...

A practical, no-fluff comparison of ECR vs ACR vs GAR vs OCIR on scanning depth, signing, IAM, and compliance — plus where Harbor fits and how Safeguard unifies them.

Jan 6, 20268 min read
Cloud Security

Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...

A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.

Jan 6, 20268 min read
Container Security

How Log4Shell exposed cloud container images and how to d...

Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.

Jan 6, 20268 min read
Vulnerability Analysis

Server-Side Request Forgery (SSRF): how it works and how to prevent it

SSRF turns a server into an attacker's proxy into your internal network. Here's how it works, what Capital One's breach taught the industry, and how to stop it.

Dec 14, 20256 min read
Cloud Security

Comparing confidential VM offerings across major cloud pr...

A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.

Dec 11, 20258 min read
cloud-security (Page 19) — Safeguard Blog