Cobalt Iron earns patent on analytics-based dynamic authorisation control

Cobalt Iron has announced that it has received a patent on its technology for dynamic authorisation control based on IT security and operational events. US patent No. 11902285 describes dynamic, multidimensional authorisation control techniques that respond to changes or events in the environment and that improve over time based on machine learning. The company will implement these techniques in Cobalt Iron Compass, an enterprise SaaS backup platform.

Authorisation controls are the processes by which individuals or entities are validated to have proper security authentication (ie, identity verification) and access control (permissions and privileges) to execute some action (eg, access, view, move, write, delete, configure, etc) against some resource (eg, a building, bank account, application, data, IT resource, operation centre, etc). Existing techniques are typically two-dimensional in nature, providing control over functional permissions and the domain, or scope, of those permissions.

It is common for IT administrators to have many roles and to move frequently between different teams, some of which are transient, and some of which could partially or completely overlap or even conflict. In addition, roles may change in different operational environments (eg, in different clouds, data centres, projects, stages of a project, etc). For example, a systems administrator could also be assigned to a data centre migration team, a disaster recovery test team, an audit team or other project roles. The required authentication controls will likely be different for each of those various roles. Existing approaches are typically static and simply maintain the same authorisation for the administrator no matter what role or project team they might be working on. This practice could result in inappropriate access, thereby increasing business risk.

Furthermore, in most current environments, authentication roles and associated permissions are often left in place for long periods of time, sometimes years, without further validation or adjustment. As job responsibilities, projects, applications, architectures and business needs change, these stale roles and permission assignments often lead to security exposures.

Cobalt Iron says its patent introduces approaches that provide more dynamic control of authentication privileges based on changing user roles, current security conditions and historical analysis of past operational outcomes of authentication levels. The technology qualifies for a patent because it uses analytics and machine learning to make these dynamic adjustments. When fully implemented, the patented techniques will make it possible for Compass to:

• inform analytics with historical data on security events, authentication levels for members of various teams, operational outcomes of those member authentication levels, evolving team member roles and other data;
• apply machine learning analytics to determine optimal adjustments to team and member authentication levels during security events;
• monitor for various conditions and events, including a change in team member roles, a change in the locality of data or other resources, or indications of a cybersecurity event;
• dynamically modify user authorisation control, level or duration based on the condition or event and the machine learning analysis; and
• leverage a cloud security profile in the determination of any user authorisation modifications.
   

For example, if a user is acting in a different role on a different team, Compass may automatically adjust authorisation control to the IT resources associated with the new role and team. In another example, analysis of operational outcomes of authentication controls during previous cybersecurity events might indicate a need to adjust authentication levels automatically during future security events to optimise business processes and reduce risk.

“Static authorisation controls are an often-overlooked security exposure for businesses. Once set, access control credentials are commonly left in place for long periods of time, are not reviewed, and are not adjusted for varying roles administrators may play in the organisation,” said Rob Marett, Chief Technology Officer at Cobalt Iron. “One of the areas where Cobalt Iron continues to innovate is in analytics-based optimisations of authorisation controls to IT resources. This patent is another example of that. Compass will use analysis of operational outcomes to optimise access credentials and reduce security exposures in IT environments.”

Image credit: iStock.com/ipuwadol