Dynamic enterprise security control based on user risk factors

A dynamic security control technology, applied in the field of computer and other programmable device security, that addresses the problem of the probability of secure data loss.

Inactive Publication Date: 2016-08-04
KYNDRYL INC

AI Technical Summary

Benefits of technology

[0004]In one aspect of the present invention, a method for dynamically setting enterprise-level security rules as a function of assessing risk factors associated with a user includes determining risk values for respective ones of different attributes of a user. The risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective attribute with the user. The risk values are added together to generate a risk factor for the user, which is compared to one or more off-site access threshold values. In response to determining that the risk factor meets the off-site access threshold value(s), security settings associated with the user are applied and access is granted pursuant to the applied security settings to the user to the enterprise secure data from an off-site location of the user that is not within a local network of the enterprise. In response to determining that the risk factor does not meet the off-site access threshold value(s), the method determines whether additional security enhancements applicable to the user and not enabled within the applied security settings are available, and if so iteratively selects ones of the available additional security enhancements, revises the security settings by enabling the selected security enhancements, and revises the risk factor by a risk abrogation value of the selected security enhancement, until either (i) granting access to the user, pursuant to the revised security settings, to the enterprise secure data from the off-site location, in response to determining that the revised risk factor meets the off-site access threshold value(s); or (ii) denying access to the user to the enterprise secure data from the off-site location, in response to determining that there are no additional security enhancements applicable to the user and not enabled within the security settings.
[0005]In another aspect, a method provides a service for dynamically setting enterprise-level security rules as a function of assessing risk factors associated with a user. The method includes integrating computer-readable program code into a computer system including hardware processor in circuit communication with computer readable memory and a computer readable storage medium. The risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective attribute with the user. The computer readable program code includes instructions for execution by the processor that cause the processor to add the risk values together to generate a risk factor for the user, which is compared to one or more off-site access threshold values. In response to determining that the risk factor meets the off-site access threshold value(s), security settings associated with the user are applied and access is granted pursuant to the applied security settings to the user to the enterprise secure data from an off-site location of the user that is not within a local network of the enterprise. 
In response to determining that the risk factor does not meet the off-site access threshold value(s), the processor determines whether additional security enhancements applicable to the user and not enabled within the applied security settings are available, and if so iteratively selects ones of the available additional security enhancements, revises the security settings by enabling the selected security enhancements, and revises the risk factor by a risk abrogation value of the selected security enhancement, until either (i) granting access to the user, pursuant to the revised security settings, to the enterprise secure data from the off-site location, in response to determining that the revised risk factor meets the off-site access threshold value(s); or (ii) denying access to the user to the enterprise secure data from the off-site location, in response to determining that there are no additional security enhancements applicable to the user and not enabled within the security settings.
[0006]In another aspect, a system has a hardware processor in

Problems solved by technology

The risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective attribute with the user.

Embodiment Construction

[0015]The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.

[0016]The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flas...


Abstract

Aspects dynamically set enterprise-level security rules by assessing risk factors associated with a user. Risk values representing likelihoods of loss of enterprise secure data are determined for different attributes of a user, and added together to generate a user risk factor. If the risk factor does not meet one or more off-site access threshold value(s), additional security enhancements applicable to the user and not enabled within currently applied security are iteratively selected and used to revise the security settings, and the risk factor is revised by a risk abrogation value of each of the selected security enhancements, until either the revised risk factor meets the off-site access threshold value(s) (wherein access is granted to the secure data from the off-site location pursuant to the revised security settings), or until no additional applicable security enhancements are available (wherein user access to the secure data from the off-site location is denied).
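The decision loop described in [0004] and in the Abstract, as an added Python sketch that is not code from the patent or its assignee. It narrows the "one or more" thresholds to a single value and assumes that a risk factor "meets" the threshold when it is less than or equal to it, that a risk abrogation value is subtracted, and that enhancements are tried largest abrogation first; all names and sample values are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Enhancement:
    name: str
    abrogation: int  # assumed: subtracted from the risk factor when enabled


@dataclass
class Decision:
    granted: bool
    risk_factor: int
    enabled: list = field(default_factory=list)


def decide_offsite_access(attribute_risks, threshold, enabled, available):
    """Return a Decision for one off-site access request.

    attribute_risks: {attribute: risk value}; summed into the risk factor.
    threshold: assumed semantics, risk factor "meets" it when <= threshold.
    enabled: names of enhancements already in the applied security settings
             (assumed not to be credited against the risk factor again).
    available: Enhancement objects applicable to this user.
    """
    risk = sum(attribute_risks.values())
    settings = list(enabled)
    # Candidates are applicable enhancements not yet enabled. The page does
    # not fix a selection order; largest abrogation first is an assumption.
    candidates = sorted(
        (e for e in available if e.name not in settings),
        key=lambda e: e.abrogation, reverse=True)
    for enh in candidates:
        if risk <= threshold:
            break  # threshold met: stop tightening the settings
        settings.append(enh.name)
        risk -= enh.abrogation
    # Denied when every candidate is used and the threshold is still not met.
    return Decision(risk <= threshold, risk, settings)


# Constructed sample data (not from the patent).
ENHANCEMENTS = [
    Enhancement("vpn_required", 15),
    Enhancement("second_factor", 30),
    Enhancement("read_only_session", 10),
]
CONTRACTOR = {"role:contractor": 25, "device:unmanaged": 40, "geo:new_country": 20}
EMPLOYEE = {"role:employee": 5, "device:managed": 10}
```

The returned `enabled` list is the revised security settings the session would have to run under; on denial it shows every enhancement that was tried.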

Description

TECHNICAL FIELD

[0001]Aspects of the present invention relate to computer and other programmable device security, and more particularly to enterprise level data security software implementations for controlling data access by users via remote-access, converged communications, cloud environment and mobile device and application domains.

BACKGROUND

[0002]An enterprise may generally refer to a corporation, organization, department or other corporate structure wherein a plurality of different individuals work and function together toward a common purpose. Enterprise workspaces may feature local area network (LAN) security configurations that enable the access and sharing of data between enterprise storage devices and the devices of individual data users (employees, team members, consultants, students, etc.) while providing robust protection to secure data from outside access by requests originating outside of the LAN. However, such users may work from home or other locations away from cont...


Application Information

IPC(8): H04L29/06, G06F21/62, G06Q10/06, G06Q50/00
CPC: H04L63/20, H04L63/10, G06Q10/0635, G06Q50/01, G06F21/6218, H04L63/083, H04L63/1433, H04W12/086, G06F2221/2111, G06F2221/2141, G06F2221/2149, H04L63/107
Inventor: BOSS, GREGORY J.; JONES, ANDREW R.; LINGAFELT, CHARLES S.; MCCONNELL, KEVIN C.; MOORE, JR., JOHN E.
Owner: KYNDRYL INC