https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 16 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive.en A complete look at the cloud security stack as of May 2026. Zero Trust (Cloudflare, Tailscale, Zscaler, Netskope), CSPM/CNAPP (Wiz, Orca, Lacework, Prisma Cloud, Sysdig, Aqua), SBOM/SLSA supply chain (Sigstore cosign, CycloneDX/SPDX, Trivy, Syft, Grype, Dependency-Track, GUAC), runtime security (Falco, Tetragon, KubeArmor), secrets/IGA (Vault, CyberArk, Doppler, Infisical), and IaC/policy (Checkov, OPA, Kyverno) — all in one place. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cloud-securityzero-trustsbomslsacspmcnappwizfalcosigstorevaulttailscalecloudflare-zero-trustsupply-chain-securitydevsecops https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive.ja 2026年5月時点のクラウドセキュリティスタックを一気に整理する。Zero Trust(Cloudflare、Tailscale、Zscaler、Netskope)、CSPM/CNAPP(Wiz、Orca、Lacework、Prisma Cloud、Sysdig、Aqua)、SBOM/SLSAサプライチェーン(Sigstore cosign、CycloneDX/SPDX、Trivy、Syft、Grype、Dependency-Track、GUAC)、ランタイムセキュリティ(Falco、Tetragon、KubeArmor)、シークレット/IGA(Vault、CyberArk、Doppler、Infisical)、そしてIaC/ポリシー(Checkov、OPA、Kyverno)まで一本でまとめる。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cloud-securityzero-trustsbomslsacspmcnappwizfalcosigstorevaulttailscalecloudflare-zero-trustsupply-chain-securitydevsecops https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-cloud-security-zero-trust-sbom-slsa-cspm-wiz-falco-sigstore-vault-2026-deep-dive 2026년 5월 기준 클라우드 보안 스택을 끝까지 본다. Zero Trust(Cloudflare, Tailscale, Zscaler, Netskope), CSPM/CNAPP(Wiz, Orca, Lacework, Prisma Cloud, Sysdig, Aqua), SBOM/SLSA 공급망(Sigstore cosign, CycloneDX/SPDX, Trivy, Syft, Grype, Dependency-Track, GUAC), 런타임 보안(Falco, Tetragon, KubeArmor), 시크릿/IGA(Vault, CyberArk, Doppler, Infisical), IaC/정책(Checkov, OPA, Kyverno)까지 한 글에서 깊이 정리한다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cloud-securityzero-trustsbomslsacspmcnappwizfalcosigstorevaulttailscalecloudflare-zero-trustsupply-chain-securitydevsecops https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive.en As of May 2026, the Cloud Security Posture Management (CSPM) market has been completely reshaped by Google acquiring Wiz for $32B in March 2025. This deep dive covers Wiz, Lacework (acquired by Fortinet), Orca Security, Aqua Security, Sysdig, Prisma Cloud, Snyk Cloud, Tenable Cloud Security, Datadog CSM, Microsoft Defender for Cloud, Google Security Command Center, and AWS Security Hub — plus the CNAPP/CWPP/CIEM/DSPM four-category framework and Cyera/Varonis/BigID, with Toss, Kakao KSec, Mercari, and NTT references. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cspmcloud-securitywizgoogle-wizlaceworkorca-securityaqua-securitysysdigprisma-cloudsnyk-cloudtenabledatadog-csmdefender-for-cloudsecurity-command-centeraws-security-hubcnappcwppciemdspmcyeravaronis2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive.ja 2026年5月時点のクラウドセキュリティポスチャマネジメント(CSPM)市場を整理します。2025年3月にGoogleが$32Bで買収したWiz、Fortinetに買収されたLacework、Orca Security、Aqua Security、Sysdig、Prisma Cloud、Snyk Cloud、Tenable Cloud Security、Datadog CSM、Microsoft Defender for Cloud、Google Security Command Center、AWS Security Hubまで — そしてCNAPP/CWPP/CIEM/DSPM 4分類フレームとCyera/Varonis/BigID、トス・カカオ KSec・メルカリ・NTTセキュリティの事例を1本にまとめました。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cspmcloud-securitywizgoogle-wizlaceworkorca-securityaqua-securitysysdigprisma-cloudsnyk-cloudtenabledatadog-csmdefender-for-cloudsecurity-command-centeraws-security-hubcnappcwppciemdspmcyeravaronis2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-cspm-cloud-security-posture-management-2026-wiz-google-32b-lacework-orca-aqua-sysdig-prisma-deep-dive 2026년 5월 기준 클라우드 보안 자세 관리(CSPM) 생태계를 정리합니다. 2025년 3월 Google이 $32B에 인수한 Wiz를 비롯해 Lacework(Fortinet 인수), Orca Security, Aqua Security, Sysdig, Prisma Cloud, Snyk Cloud, Tenable Cloud Security, Datadog CSM, Microsoft Defender for Cloud, Google Security Command Center, AWS Security Hub까지 — 그리고 CNAPP·CWPP·CIEM·DSPM 4분류 프레임과 Cyera/Varonis/BigID, 토스·카카오 KSec·메르카리·NTT 보안 사례를 한 글에 담았습니다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) cspmcloud-securitywizgoogle-wizlaceworkorca-securityaqua-securitysysdigprisma-cloudsnyk-cloudtenabledatadog-csmdefender-for-cloudsecurity-command-centeraws-security-hubcnappcwppciemdspmcyeravaronis2026deep-dive