Good afternoon, Craig.

Here is what is happening across the Insights journal.

42

Published

5

Drafts

2

Scheduled

6

Authors

Recent activity

Amara Okafor published “From 4h to 12m: a Sentinel migration write-up”2h ago

You saved a draft “Q3 board briefing”Yesterday

Priya Shah scheduled “Tuning detections: cutting false positives 60%”Mon

Tom Reilly edited “Copilot for clinicians”2 days ago

Articles

42 published · 5 drafts · 2 scheduled

+ New

Title	Practice	Author	Status	Updated
From 4h to 12m: a Sentinel migration write-up	Sentry XDR	Amara Okafor	Published	2h ago	Edit
Q3 board briefing	Advisory	You	Draft	Yesterday	Edit
Tuning detections: cutting false positives 60%	Sentry XDR	Priya Shah	Scheduled	Mon	Edit
Copilot for clinicians — sensitivity labels at the source	Modern Workplace	Tom Reilly	Published	2 days ago	Edit
Shipping a production agent	InterReality Labs	Dev Mistry	Published	5 days ago	Edit
Independent assurance: partner-signed	Advisory	Helen Cross	Published	1 wk ago	Edit
Rolling out Copilot to 8,000 seats	Modern Workplace	Tom Reilly	Draft	1 wk ago	Edit

New article

Draft autosaves as you write. Nothing is public until you press Publish.

Title

URL slug

scg.world/insights/

Body

BIUH2“”• List🔗☑ Code

Publish

StatusDraft

VisibilityPublic

Featured

Organise

Practice

Author

Hero image

⇪Drag an image here
or browse

SEO

Meta description

How Insights Studio works

A git-based headless CMS pattern — the editor is private, the published site stays fully static.

1

Author signs inStudio sits behind Microsoft Entra ID. Only named SCG staff in the Authors group can reach it — enforced server-side, not in the browser.

2

Write & previewArticles are written in this editor and saved as Markdown with front-matter (title, practice, author, date, featured flag).

3

Publish = commitPressing Publish commits the Markdown to a private Git content repository. Every change is versioned, attributed and reversible.

4

CI builds the siteThe commit triggers a static-site build (e.g. Astro / 11ty / Hugo). Markdown becomes the same kind of static HTML pages you see on the live site.

5

Deploy to the edgeThe built static files deploy to Azure Static Web Apps and are served from a global CDN — no database, no server code on the public path.

6

Readers get static HTMLVisitors only ever hit pre-rendered, cacheable HTML. There is nothing dynamic to attack and nothing to keep patched.

Why this is secure

🔐

Identity at the doorEntra ID handles authentication & MFA. The authoring portal is never anonymously reachable; access is a group membership, revocable instantly.

🌏

No public attack surfaceThe live site is static HTML on a CDN. No CMS admin URL, no database, no PHP/plugins exposed to the internet to exploit.

📝

Everything versionedContent lives in Git. Every publish is a signed, attributed commit you can audit, diff and roll back — defacement is trivially reversible.

⚙

Build-time, not run-timePages are rendered once at build, not per request. No user input ever touches a server process in production.

🛡

Least privilegeAuthors can write content; only the pipeline can deploy. Publishing rights and hosting credentials are separated.

⏱

Patch-lightNo always-on CMS server to keep patched. The thing facing the internet is just files, which dramatically shrinks the maintenance burden.

Why not just a hidden admin page on the static site?

A “secret” admin URL is not security — obscurity is not access control, and anyone who finds the link is in. A static page also can’t save content anywhere or hold a real login: any password check written in the browser can be read and bypassed by viewing the source. This Studio model keeps the convenience of a portal, but moves the login and the saving to where they can actually be protected — Entra ID for identity, Git for storage, a build pipeline for deploys. That is the difference between “looks locked” and “is locked.”

← Back to the Insights journal