Bitglass has been awarded U.S. Patent No. 10,855,671 for another fundamental invention in transparent, contextual access control of cloud services. The announcement comes on the heels of a first foundational patent (U.S. Patent No. 10,757,090) for contextual access control.
These inventions enable the transparent enforcement of contextual access control on cloud applications via a control point (CASB) inserted between an Application and an Identity Provider (IdP). In U.S. Patent No. 10,757,090, the insertion is in the order Application -> CASB -> IdP. In US Patent No. 10,855,671, the insertion is Application -> IdP -> CASB. Since their initial filings in August 2013, these patented inventions have been adopted widely by other leading cloud security vendors seeking to enable inline security, and are now considered the industry standard for addressing business-critical security use cases.
In US Patent No. 10,855,671 (ACS proxy mode), once the user has been authenticated by an Identity Provider, the CASB considers the risk profile of the user and determines the level of access to allow. The CASB may permit direct access to the application, proxied and controlled access to the application with data and threat protection enforced, or deny access altogether. In comparison, in U.S. Patent No. 10,757,090 (SAML relay mode), the CASB intercedes between the application and the IdP, and is aware of both successful and unsuccessful login attempts, thereby enabling stronger anomaly detection and Denial of Service protection.
“Our CASB platform can integrate with any IdP you have in place and can secure access to any cloud resource,” said Anurag Kahol, CTO of Bitglass. “Because this approach is cloud native and requires no agents, it’s transparent to the end user and can secure any device, including employees’ personal endpoints.”
“This patent firmly establishes that Bitglass invented the foundations of contextual access control for the cloud,” said Nat Kausik, CEO of Bitglass. “This is why our CASB remains the industry standard for organizations that need real-time security. It is this same CASB that is now a part of our Secure Access Service Edge offering, along with our SmartEdge Secure Web Gateway and our real-time ZTNA.”
