No Matter the Conditions, Compass Has User Access Covered

Part of the Cobalt Iron Patents blog series

It’s hard to overstate the importance of controlling access to IT resources when network conditions are constantly in flux. There are so many reasons to do it, not the least of which is to thwart ever more sophisticated security threats. You also have to consider network infrastructure changes, changing user roles and responsibilities, compliance and legal requirements, system updates, performance and capacity issues, and much more — often simultaneously. Making on-the-fly adjustments is essential to maintaining security, but with so many variables and so much to do in a busy IT environment, on-the-fly adjustments are all but impossible.

Fortunately for Compass users, Cobalt Iron has a patented technology for that.

It’s officially called dynamic authorization control based on information technology (IT) security and operational events, and we’re working on implementing it into the Compass enterprise SaaS backup platform.

It boils down to this: Compass will make the on-the-fly changes for you, and machine learning will ensure it will only get better at the job.

Why You Need It

The industry lacks authorization controls that respond to cyber threats, events, or other changes in the IT environment.

Authorization controls are the processes by which individuals or entities are validated to have proper security authentication (i.e., identity verification) and access control (permissions and privileges) to execute some action (e.g., access, view, move, write, delete, configure, etc.) against some resource (e.g., a building, bank account, applications, data, IT resources, operation centers, etc.). Existing techniques are typically two-dimensional in nature. That is, they provide control only over functional permissions and the domain (scope) of those permissions.

IT administrators commonly have many roles and move frequently among different teams, some of which are transient, and some of which could partially or completely overlap or even conflict. Not only that, but roles can change from one operational environment to the next (e.g., in different clouds, data centers, projects, stages of a project, etc.). For example, a systems administrator could also be assigned to a data center migration team, a disaster recovery test team, and an audit team. The required authentication controls will likely be different for each, but with existing approaches, administrators most likely will have the same authorization no matter what. That’s a recipe for inappropriate access and greater business risk.

Furthermore, in most current environments, authentication roles and associated permissions rarely change. Once set, access control credentials are commonly left in place for long periods of time (sometimes years), are not reviewed, and are not adjusted for varying roles administrators might play in the organization.

What It Will Do

Thanks to the newly patented approaches, Compass will be able to control authentication privileges more dynamically based on changing user roles, current security conditions, and historical analysis of past operational outcomes of authentication levels. The technology qualifies for a patent because it uses analytics and machine learning to make these dynamic adjustments.

When fully implemented, the patented techniques will make it possible for Compass to:

• Inform analytics with historical data on security events, authentication levels for members of various teams, operational outcomes of those member authentication levels, evolving team member roles, and other data.
• Apply machine learning analytics to determine optimal adjustments to team and member authentication levels during security events.
• Monitor for various conditions and events, including a change in team member roles, a change in the locality of data or other resources, or indications of a cyber security event.
• Dynamically modify user authorization control, level, or duration based on the condition or event and the machine learning analysis.
• Leverage a cloud security profile in the determination of any user authorization modifications.

For example, if a user is acting in a different role on a different team, Compass could automatically adjust authorization control to the IT resources associated with the new role and team. In another example, when Compass analyzes operational outcomes of authentication controls from previous cyber security events, it could recognize the need to adjust authentication levels automatically during future security events to optimize business processes and reduce risk.

What It Means for You

No longer will you have to worry about static authorization controls. Compass will use analysis of operational outcomes — continually improved by machine learning — to optimize access credentials and reduce security exposures in IT environments.

We’d love to show you around. Contact us to learn more.