Safeguard
Tag

zero-trust

Safeguard articles tagged "zero-trust" — guides, analysis, and best practices for software supply chain and application security.

51 articles

Kubernetes Security

Default-deny NetworkPolicy: closing the pod-to-pod gap in Kubernetes

Kubernetes pods allow all traffic by default, and many clusters' NetworkPolicy YAML silently does nothing because the CNI plugin never enforces it.

Jul 15, 20266 min read
Cloud Security

Unified identity, segmentation, and policy-as-code for multi-cloud

38% of breaches start with stolen credentials, per Verizon's 2024 DBIR — the fix for multi-cloud estates is unified identity, segmentation, and policy-as-code, not per-provider IAM.

Jul 13, 20267 min read
Container Security

Service Mesh Security: mTLS, Authorization, and Zero Trust

A service mesh can give you mutual TLS between every service, identity-based authorization, and encrypted traffic without touching application code — or it can become an over-privileged proxy layer you never locked down. Here is how to do it right.

Jul 8, 20265 min read
Best Practices

The four pillars every enterprise security program needs

Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.

Jul 8, 20266 min read
Kubernetes Security

Implementing mTLS in Kubernetes clusters: a hands-on guide

Kubernetes ships zero built-in encryption for pod-to-pod traffic — here's how cert-manager and service meshes fix that, and the five misconfigurations that quietly undo it.

Jul 8, 20266 min read
Concepts

Zero Trust Architecture, Explained

Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.

Jul 3, 20267 min read
Concepts

What Is Defense in Depth in Security?

Defense in depth is a layered security strategy that assumes any single control will eventually fail, so it stacks independent safeguards to slow and stop attackers. Here's how the model works and how it maps to the software supply chain.

Jul 2, 20266 min read
Container Security

Kubernetes Network Policies: A Practical Guide

By default every pod in a Kubernetes cluster can talk to every other pod. NetworkPolicies are how you replace that flat network with least-privilege segmentation — here is how to design and roll them out without breaking traffic.

Jul 1, 20265 min read
Container Security

Kubernetes network policies for zero trust

Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.

Jun 26, 20267 min read
Compliance

Federal AST mandate M-22-09 explained

OMB's M-22-09 forces federal agencies to run continuous application security testing under zero trust. Here's what changed, and how Safeguard compares to Checkmarx.

Jun 25, 20267 min read
Buyer's Guides

Best Software Supply Chain Security Platforms in 2026: A Buyer's Guide

An honest, side-by-side guide to the best software supply chain security platforms in 2026 — what each tool is genuinely good at, who it fits, and how to choose between zero-CVE, SCA, reachability, and CNAPP approaches.

Jun 24, 20266 min read
Threat Intelligence

Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices

An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.

Jun 21, 20267 min read
zero-trust — Safeguard Blog