Updates & Insights

Role-based access control (RBAC) and Attribute-based access control (ABAC) are the two main access control strategies available to secure cloud-based resources. Role-based access control (RBAC) is an authorization model where identities in a system are given one or more roles that allow them to perform a specific business activity. Users of the system activate or assume specific roles to access permissions. Like putting on a hat for a particular occasion, roles can be changed, but only one role is active at a time.

For organizations managing access to cloud resources, infrastructure, and databases, choosing the right access management solution is crucial. While both Common Fate and Teleport offer robust capabilities, they approach the challenge from different perspectives. Common Fate specializes in cloud-native, time-bound access management, while Teleport focuses on protocol-level access control and enterprise-specific features.

If you’re the administrator or owner of an AWS environment and are still relying on IAM users for your human users to access AWS IAM, then you should be considering migrating to AWS IAM Identity Center. As a security engineer, IAM users should be one of your first targets for review and remediation, because of the risks associated with long-term credentials. If you’re a development team scaling up to using multiple AWS accounts, then getting IDC configured will save you expensive effort and re-work later on.

The blast radius metaphor is useful for communicating with business and management stakeholders the gravity and potential impact of their decisions. Put simply, blast radius is the worst-case scenario for something going wrong: If this blew up, what would be impacted?

Your organization’s data is one of its key competitive advantages. Without data, there’s nothing to differentiate you from your competition. This makes your data, and the databases it lives in, some of the most important resources in your environment.

Attribute-based access control (ABAC) is an approach to security that considers the attributes that belong to the entities and resources of an access request, to allow or deny the request.