Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

Unified identity, segmentation, and policy-as-code for multi-cloud

38% of breaches start with stolen credentials, per Verizon's 2024 DBIR — the fix for multi-cloud estates is unified identity, segmentation, and policy-as-code, not per-provider IAM.

Jul 13, 20267 min read
Cloud Security

The most common AWS misconfigurations in 2026, with detection commands

Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.

Jul 12, 20266 min read
Cloud Security

Developer empowerment in cloud security: a guardrails-first framework

Gartner estimated through 2025 that 99% of cloud breaches would be the customer's fault, not the provider's — guardrails at the point of action are how you fix that.

Jul 12, 20267 min read
Cloud Security

Why Cloud Security Outcomes Depend on Developers, Not Gatekeepers

Gartner projected 99% of cloud security failures through 2025 would be the customer's fault — the fix is guardrails developers own, not a central team reviewing after the fact.

Jul 12, 20267 min read
Cloud Security

Know your cloud environment: a practical asset inventory methodology

Gartner projects that through 2025, 99% of cloud security failures will be the customer's fault — almost always because an asset nobody tracked got misconfigured.

Jul 12, 20267 min read
Cloud Security

Secure-by-design principles for cloud architecture: prevention over detection

The 2019 Capital One breach hit 700+ S3 buckets through one SSRF call. Secure-by-design architecture stops that path before it exists.

Jul 12, 20267 min read
Cloud Security

A guide to scanning Terraform IaC for misconfigurations before deployment

tfsec folded into Trivy in February 2023. Sentinel gates plans in Terraform Enterprise. Here's how to catch misconfigured infrastructure before it's ever provisioned.

Jul 12, 20266 min read
Cloud Security

Connecting build, deploy, and runtime security into one AppSec lifecycle

The XZ Utils backdoor (CVE-2024-3094) was found in the build chain; most tools that would have caught it stop at deploy. Here's how to close that gap.

Jul 11, 20267 min read
Cloud Security

The most common cloud misconfigurations, and the queries that catch them

Cloud misconfiguration was the initial attack vector in 15% of breaches in IBM's 2024 study — tied with phishing. Here are the six patterns and the queries to find them.

Jul 11, 20266 min read
Cloud Security

Detecting and remediating Terraform and CloudFormation drift

Terraform's own drift check can return an ambiguous exit code — here's how declared IaC state quietly diverges from live cloud resources, and how to catch it.

Jul 11, 20267 min read
Cloud Security

Policy as Code: Enforcing Cloud Security Guardrails in CI/CD Instead of Manual Review

OPA reached CNCF Graduated status in January 2021 — yet most teams still catch misconfigured IAM roles by eyeballing a pull request.

Jul 11, 20267 min read
Cloud Security

Policy-as-code for Terraform: testing before you ever run apply

Checkov, OPA, and tflint each catch different Terraform mistakes — chained into CI before apply, they turn a review comment into a hard gate.

Jul 11, 20266 min read
cloud-security (Page 2) — Safeguard Blog