30Ağu
Why has the adoption of ABAC been so slow?
Given we use ABAC in portions of our security systems like the WAF to partially restrict traffic based on attributes like IP address/User Agent String. While they can be faked internally tagging can be restricted on cloud providers like AWS and Azure.
Is it the lack of tooling or awareness on these controls that restricts access? Or are these tag systems so poorly protected that it would be easy to spoof tags to get access.
I guess the power of the default and the lack of tooling may be contributing to this.
Links
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html
https://www.linkedin.com/pulse/how-externalized-security-cuts-costs-back-abac-thomas-mckeown
