Safeguard
Tag

google-cloud

Safeguard articles tagged "google-cloud" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Cloud Security

Automating Security Controls on Google Cloud

Binary Authorization can block every unsigned container from reaching GKE or Cloud Run — but only if your pipeline is wired to sign images the moment they pass scanning.

Jul 8, 20267 min read
Application Security

GCP IAM security best practices

GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.

Jun 19, 20267 min read
Cloud Security

Automating secret rotation in Google Cloud Secret Manager

A practical guide to automating GCP Secret Manager rotation—covering versioning, Cloud Functions, Cloud Scheduler, and rotating database credentials safely.

Jan 12, 20268 min read
Cloud Security

Applying least-privilege principles to GCP IAM roles

Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.

Jan 12, 20267 min read
Cloud Security

Best practices for managing encryption keys with Google C...

A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.

Jan 11, 20268 min read
Container Security

How Container Threat Detection identifies runtime attacks...

How Container Threat Detection GCP watches GKE kernels for reverse shells, added binaries, and privilege escalation—and why runtime signals catch what image scanning can't.

Jan 10, 20266 min read
google-cloud — Safeguard Blog