Safeguard
Tag

iam

Safeguard articles tagged "iam" — guides, analysis, and best practices for software supply chain and application security.

36 articles

Cloud Security

The AWS migration security checklist: IAM, encryption, and network segmentation

A misconfigured WAF and an over-permissioned IAM role exposed 106 million records in 2019 — here's the checklist that prevents a repeat during your AWS migration.

Jul 15, 20266 min read
Cloud Security

The AWS misconfiguration cheat sheet: public S3, open IAM, and open security groups

Three misconfigurations — public S3 buckets, over-permissioned IAM roles, and 0.0.0.0/0 security groups — keep causing breaches. Here's the CLI to find and fix each one.

Jul 14, 20266 min read
Cloud Security

The 2026 AWS Security Checklist: Account, IAM, Network, and Data Controls

One SSRF call against an unpatched WAF and a permissive IAM role were enough to expose 106 million Capital One records in 2019 — here's the checklist that stops it.

Jul 12, 20267 min read
Cloud Security

The most common AWS misconfigurations in 2026, with detection commands

Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.

Jul 12, 20266 min read
Cloud Security

Why Cloud Security Outcomes Depend on Developers, Not Gatekeepers

Gartner projected 99% of cloud security failures through 2025 would be the customer's fault — the fix is guardrails developers own, not a central team reviewing after the fact.

Jul 12, 20267 min read
Cloud Security

Secure-by-design principles for cloud architecture: prevention over detection

The 2019 Capital One breach hit 700+ S3 buckets through one SSRF call. Secure-by-design architecture stops that path before it exists.

Jul 12, 20267 min read
Cloud Security

The most common cloud misconfigurations, and the queries that catch them

Cloud misconfiguration was the initial attack vector in 15% of breaches in IBM's 2024 study — tied with phishing. Here are the six patterns and the queries to find them.

Jul 11, 20266 min read
Cloud Security

Detecting and remediating Terraform and CloudFormation drift

Terraform's own drift check can return an ambiguous exit code — here's how declared IaC state quietly diverges from live cloud resources, and how to catch it.

Jul 11, 20267 min read
Cloud Security

The AWS Shared Responsibility Model, Explained With Real Examples

AWS secures the cloud; you secure what's in it. Most breaches — like the thousands of exposed public S3 buckets found every year — happen entirely on the customer's side of that line.

Jul 8, 20266 min read
Cloud Security

High-profile AWS breaches: lessons learned

Capital One's 2019 breach exposed 106 million records through a single SSRF call to the EC2 metadata service — here's the exact control that would have stopped it.

Jul 8, 20266 min read
Cloud Security

The S3 bucket security checklist every AWS team needs

AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.

Jul 8, 20267 min read
Vulnerability Guides

What Is Privilege Escalation? A 2026 Explainer

Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.

Jul 7, 20265 min read
iam — Safeguard Blog