Cobalt Iron granted a patent for dynamic authorization control based on conditions and events – Help Net Security

Cobalt Iron announced that it has been granted a patent on its technology for dynamic authorization control based on conditions and events. Issued on May 4, U.S. patent #10999290 describes new capabilities for Cobalt Iron Compass, an enterprise SaaS backup platform, that enable the use of analytics and machine learning to adjust user authentication and access to IT resources dynamically based on a variety of environmental and operational considerations.

The technology meets an unfilled need in the industry for authorization control that responds to cyberthreats or other changes in the IT ecosystem.

Authorization controls are defined as the processes by which individuals or entities are validated to have proper security authentication and permissions to execute some action against some resource, such as accessing an operations center or moving and deleting data.

In most environments today, authentication roles and associated permissions often remain in place for long periods of time, sometimes years, without further validation or adjustment. As job responsibilities, projects, applications, architectures, and business needs change, these old roles and permission assignments often expose the enterprise to security risks.

Cobalt Iron’s newly patented techniques reduce security risks by automatically adjusting authorization controls based on conditions, events, project status, etc., thereby eliminating the pervasive security exposures of outdated, obsolete, and unresponsive authorization controls. This eases the minds of security administrators, backup administrators, systems administrators, CIOs, CISOs, and other IT professionals who are responsible for maintaining security, authentication, and access control in their environments.

The techniques disclosed in this patent:

• Monitor for various conditions and events, such as a change in a state of a project, a change in a security alert level, or a change in the location of data or resources.
• Dynamically modify user authorization control, level, or duration based on the condition or event.
• Apply machine learning analytics to determine the condition or event.
• Leverage a cloud security profile to determine any user authorization modifications.

An important element of the patent is that those techniques will improve over time based on machine learning.

“Existing techniques for authorization control of IT resources are typically static and stale, resulting in security exposures in many of today’s enterprise environments. It’s impossible for humans to adequately monitor, analyze, and adjust all of the security authorization controls to IT resources that might be impacted by the innumerable changing conditions and events in an enterprise IT environment,” said Rob Marett, chief technology officer at Cobalt Iron.

“This patent covers techniques that automatically recognize changes in the environment and dynamically adjust associated authorization controls accordingly. This patent establishes new standards of automation, discipline, and analytics-based responsiveness of authorization control of IT resources.”