Blog

Cloud Control Signal

Practical writing on cloud-native security, IaC policy enforcement, and the gap between security policies and what actually runs in your cloud.

Why We Built Native Security Without an Agent
Cloud Security

Adding another agent to enforce security policies on a cloud account that already has security policies is the problem, not the solution.

Amit Megiddo

Detecting SCP Coverage Gaps Before Your Auditor Does
AWS SCPs

An SCP that doesn't cover every account in an OU is a gap your auditor will find. Here is how to systematically enumerate unattached policies across your AWS Organization.

Daniel Ferreira

Terraform and AWS SCPs: How They Actually Interact
Terraform

If your SCP denies s3:PutBucketPublicAccess and your Terraform tries to set it — what happens? The answer depends on exactly where in the call chain the SCP condition fires.

Daniel Ferreira

Why Your AWS SCPs Probably Aren't Enforcing Anything
AWS SCPs

SCPs exist in your org. Your security policy document says they're enforced. But when did you last test what they actually block? Most teams haven't — and the gap is predictable.

Amit Megiddo

Topics

AWS SCPs, Azure Policy, GCP Org Constraints, IaC Security, CSPM, Zero Trust, Compliance, CI/CD, Terraform