zero-trust
Safeguard articles tagged "zero-trust" — guides, analysis, and best practices for software supply chain and application security.
51 articles
Zero Trust for CI/CD Pipelines: A Concrete Blueprint
CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.
What is Microservices Security
Microservices security means securing service-to-service auth, dependencies, and containers across hundreds of independently deployed services—not one monolith.
What is the Principle of Least Privilege
The principle of least privilege limits every user and system to only the access it needs. Here's how it works and why it matters for cloud security.
What is Zero Trust Security
Zero trust means never trusting a user, device, or workload by default. Here's what NIST 800-207 actually requires, why it applies to supply chains too.
SPIFFE/SPIRE identity
What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.
SVID (SPIFFE Verifiable Identity Document)
An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.
mTLS (mutual TLS)
What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.
How to set up mutual TLS (mTLS) between microservices
A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.
What is a VPN
A plain-English breakdown of what a VPN is, how it encrypts traffic, and why VPN gateways have become one of the most exploited attack surfaces in enterprise networks.
What is Network Segmentation
Network segmentation limits breach blast radius by isolating systems into enforced zones. Learn the types, common mistakes, and how to implement it in hybrid clouds.
How to implement zero trust network architecture
A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.
How to implement network segmentation in a data center
A step-by-step guide to network segmentation best practices in the data center: mapping traffic, VLANs, microsegmentation, least-privilege rules, and verification.