zero-trust
Safeguard articles tagged "zero-trust" — guides, analysis, and best practices for software supply chain and application security.
51 articles
Default-deny NetworkPolicy: closing the pod-to-pod gap in Kubernetes
Kubernetes pods allow all traffic by default, and many clusters' NetworkPolicy YAML silently does nothing because the CNI plugin never enforces it.
Unified identity, segmentation, and policy-as-code for multi-cloud
38% of breaches start with stolen credentials, per Verizon's 2024 DBIR — the fix for multi-cloud estates is unified identity, segmentation, and policy-as-code, not per-provider IAM.
Service Mesh Security: mTLS, Authorization, and Zero Trust
A service mesh can give you mutual TLS between every service, identity-based authorization, and encrypted traffic without touching application code — or it can become an over-privileged proxy layer you never locked down. Here is how to do it right.
The four pillars every enterprise security program needs
Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.
Implementing mTLS in Kubernetes clusters: a hands-on guide
Kubernetes ships zero built-in encryption for pod-to-pod traffic — here's how cert-manager and service meshes fix that, and the five misconfigurations that quietly undo it.
Zero Trust Architecture, Explained
Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.
What Is Defense in Depth in Security?
Defense in depth is a layered security strategy that assumes any single control will eventually fail, so it stacks independent safeguards to slow and stop attackers. Here's how the model works and how it maps to the software supply chain.
Kubernetes Network Policies: A Practical Guide
By default every pod in a Kubernetes cluster can talk to every other pod. NetworkPolicies are how you replace that flat network with least-privilege segmentation — here is how to design and roll them out without breaking traffic.
Kubernetes network policies for zero trust
Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.
Federal AST mandate M-22-09 explained
OMB's M-22-09 forces federal agencies to run continuous application security testing under zero trust. Here's what changed, and how Safeguard compares to Checkmarx.
Best Software Supply Chain Security Platforms in 2026: A Buyer's Guide
An honest, side-by-side guide to the best software supply chain security platforms in 2026 — what each tool is genuinely good at, who it fits, and how to choose between zero-CVE, SCA, reachability, and CNAPP approaches.
Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices
An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.