Forrester: Mobile devices call for an overhaul in static security thinking

The IT security model admins use for mobile devices is obsolete and should be replaced by a new stateless approach, a Forrester report has suggested.

According to the report, Prepare For Anywhere, Anytime, Any-Device Engagement With A Stateless Mobile Architecture, the stateful model using fixed security firewall and gateway infrastructure made sense when computers sat in defined locations and could be managed using conventional network infrastructure, but mobility has changed the game.

This conventional approach is management-heavy, expensive and inconvenient, propped up by quick fixes such as inefficient mobile VPNs, the report said.

Worse, the growth of user-owned devices in the workplace was sneaking past management altogether, creating security holes.

Forrester recommended making no assumptions about a device based on its type, location, or apparent privileges to demand services and application access; these parameters should always be assessed each time the device connects.

Essentially, blanket security is abolished, to be replaced by dynamic device inspection and zero trust.

Where such assessment happened was also key. Cloud security services such as single sign-on (SSO) approach authentication in a stateless manner that makes no assumptions about such trust.

It will become increasingly necessary for security architectures to take account of mobility because the majority of end-user interactions will be through mobile devices.

“Mobility holds the promise of fostering new innovations, reaching new audiences, and most importantly, creating never-before-seen user experiences and business opportunities,” said report author, Chenxi Wang.

“A stateless architecture will engender big changes in IT operations and expectations of control, but the end result will be a coherent strategy that allows IT to provision services to any device dynamically.”