Safeguard
Tag

zero-trust

Safeguard articles tagged "zero-trust" — guides, analysis, and best practices for software supply chain and application security.

51 articles

DevSecOps

Zero Trust for CI/CD Pipelines: A Concrete Blueprint

CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.

Mar 24, 20268 min read
Cloud Security

What is Microservices Security

Microservices security means securing service-to-service auth, dependencies, and containers across hundreds of independently deployed services—not one monolith.

Mar 17, 20267 min read
Cloud Security

What is the Principle of Least Privilege

The principle of least privilege limits every user and system to only the access it needs. Here's how it works and why it matters for cloud security.

Mar 13, 20267 min read
Cloud Security

What is Zero Trust Security

Zero trust means never trusting a user, device, or workload by default. Here's what NIST 800-207 actually requires, why it applies to supply chains too.

Mar 13, 20266 min read
Identity Security

SPIFFE/SPIRE identity

What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.

Mar 2, 20267 min read
Identity Security

SVID (SPIFFE Verifiable Identity Document)

An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.

Mar 2, 20267 min read
Identity Security

mTLS (mutual TLS)

What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.

Mar 2, 20267 min read
Identity Security

How to set up mutual TLS (mTLS) between microservices

A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.

Feb 19, 20266 min read
Best Practices

What is a VPN

A plain-English breakdown of what a VPN is, how it encrypts traffic, and why VPN gateways have become one of the most exploited attack surfaces in enterprise networks.

Feb 17, 20267 min read
Best Practices

What is Network Segmentation

Network segmentation limits breach blast radius by isolating systems into enforced zones. Learn the types, common mistakes, and how to implement it in hybrid clouds.

Feb 16, 20267 min read
Identity Security

How to implement zero trust network architecture

A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.

Feb 14, 20267 min read
Best Practices

How to implement network segmentation in a data center

A step-by-step guide to network segmentation best practices in the data center: mapping traffic, VLANs, microsegmentation, least-privilege rules, and verification.

Feb 12, 20268 min read
zero-trust (Page 3) — Safeguard Blog