Safeguard
Tag

infrastructure-security

Safeguard articles tagged "infrastructure-security" — guides, analysis, and best practices for software supply chain and application security.

27 articles

Infrastructure Security

Terraform Cloud security integration guide

A practical breakdown of Terraform Cloud security: state file exposure, Sentinel/OPA policy gaps, Run Tasks trust risks, and drift monitoring.

Jun 19, 20267 min read
Infrastructure Security

Detecting drift between IaC and live cloud infrastructure

IaC and live cloud state drift apart within days of every deploy. Here's how drift detection actually works, why it matters, and how to close the gap fast.

Jun 18, 20266 min read
Infrastructure Security

Introduction to Open Policy Agent and Rego

A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.

Jun 18, 20268 min read
Infrastructure Security

Ansible playbook security scanning

Hardcoded secrets, unrestricted become, and injection-prone shell tasks turn Ansible playbooks into a single point of compromise across every host they touch.

Jun 17, 20267 min read
Infrastructure Security

Cloud Security Posture Management (CSPM) explained

CSPM explained: what it checks, why Gartner created the category in 2019, how it differs from CWPP/CNAPP, and why raw findings alone don't stop breaches.

Jun 17, 20267 min read
Infrastructure Security

Cloud misconfiguration as the top cause of cloud breaches

Capital One, Toyota, and a single Azure endpoint that leaked 65,000 companies' data all trace back to one root cause: cloud misconfiguration.

Jun 17, 20267 min read
Infrastructure Security

Applying CIS Benchmarks to cloud infrastructure

CIS Benchmarks turn "be secure" into testable checks for AWS, Azure, and GCP — here's how to move from annual audit to continuous enforcement.

Jun 16, 20268 min read
Infrastructure Security

Applying least privilege IAM in cloud-native environments

Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.

Jun 15, 20267 min read
Infrastructure Security

Securing managed Kubernetes clusters with IaC scanning

IaC scanning catches Kubernetes RBAC, network, and IAM misconfigurations in Terraform and Helm before they ever reach EKS, GKE, or AKS clusters.

Jun 15, 20267 min read
Infrastructure Security

The cost of cloud misconfiguration breaches

New breach-cost data shows cloud misconfigurations now cost millions per incident and take months to detect — here's what's driving the trend and how to close the gap.

Jun 15, 20268 min read
Infrastructure Security

When DNSSEC Goes Wrong: The .de TLD Signing Failure That Took Down German Domains (May 5, 2026)

On May 5, 2026, DENIC published unvalidatable DNSSEC signatures for the .de zone after a deployment defect made its signer generate three key pairs instead of one. Validating resolvers worldwide, including Cloudflare's 1.1.1.1, were forced to return SERVFAIL.

May 7, 202613 min read
Infrastructure Security

What is Policy as Code

Policy as code turns security and compliance rules into version-controlled, testable code enforced automatically in CI/CD, admission control, and runtime.

Mar 12, 20268 min read
infrastructure-security — Safeguard Blog