fix(use case): finish security use case

Author: RoRoJ

pages/use-cases/security/index.mdx

@@ -21,6 +21,13 @@ Protect your cloud resources with Scaleway's security solutions. From network se
         label="Read more"
         url="/use-cases/"
     />
+        <SummaryCard
+        title="Security baseline for Scaleway infrastructure"
+        icon="rocket"
+        description="Establish a strong security foundation for your Scaleway infrastructure."
+        label="Read more"
+        url="/use-cases/security/security-baseline/"
+    />
 </Grid>
 
 ## Related tutorials

pages/use-cases/security/security-baseline.mdx

@@ -29,7 +29,7 @@ You can use resources such as Public Gateways and Load Balancers to **provide ac
 
 You can set up a Network Access Control List (NACL) for each VPC. This allows you to define rules to limit the flow of traffic between the Private Networks of the VPC according to your needs.
 
-<Lightbox src="scaleway-vpc-infra-1.webp" alt="An architecture diagram shows how a Load Balancer inside a Scaleway VPC is attached to a Private Network. Also attached to the Private Network are three Instances (connected to Block Storage), a Managed Database, and a Public Gateway." />
+<Lightbox image={image} alt="An architecture diagram shows how a Load Balancer inside a Scaleway VPC is attached to a Private Network. Also attached to the Private Network are three Instances (connected to Block Storage), a Managed Database, and a Public Gateway." />
 
 Find out more:
 
@@ -139,3 +139,40 @@ Find out more:
 
 - [Audit Trail Quickstart](/audit-trail/quickstart/)
 - [Audit Trail product integration](/audit-trail/reference-content/resource-integration-with-adt/)
+
+## Summary of security recommendations
+
+**Prioritize private connectivity**
+- Remove public (flexible) IPs from resources unless absolutely necessary to reduce exposure.
+- Favor access via layer 2 Private Networks, within layer 3 VPCs.
+- Use Public Gateways or Load Balancers for controlled internet access within a Private Network.
+
+**Implement Security Groups**
+- Use security groups as as virtual firewalls for your Instances.
+- Customize their rules to allow only required traffic; avoid default permissive settings.
+
+**Leverage Edge Services WAF**
+- Protect applications behind Scaleway Load Balancers by setting up an Edge Services pipeline.
+- Activate the pipeline's Web Application Firewall feature, to block common threats.
+- Configure paranoia levels and exclusions as needed.
+
+**Apply least privilege with Identity and Access Management (IAM)**
+- Use IAM policies to give users and applications only the permissions they need.
+- Avoid using high-privilege Organization Owner keys in applications.
+
+**Enforce Multi-Factor Authentication (MFA)**
+- Require MFA for all Organization Members to prevent unauthorized access.
+- Use TOTP apps or passkeys for second-factor authentication.
+
+**Use Identity Federation**
+- Centralize identity management and eliminate per-platform credential risks.
+- Integrate with SSO via OAuth2 or SAML.
+
+**Monitor with Scaleway Cockpit**
+- Visualize metrics, logs, and traces using Grafana dashboards.
+- Set up real-time alerts for suspicious activity or performance issues.
+
+**Enable Audit Trail**
+- Track all actions within your Organization.
+- Enhance compliance, troubleshooting, and post-incident analysis.
+