Mobile devices will turn IT security 'stateless', says Forrester analysis

Mobile devices will turn IT security 'stateless', says Forrester analysis

The fixed management model is doomed

Article comments

The IT security model that has admins tending mobile devices such as laptops and smartphones using fixed security firewall and gateway infrastructure is obsolete and should be replaced by a new 'stateless' approach, a Forrester report has suggested.

According to Prepare For Anywhere, Anytime, Any-Device Engagement With A Stateless Mobile Architecture, the stateful model made sense when computers sat in defined locations and could be managed using conventional network infrastructure, but mobility has changed the game.

This 'stateful' approach is management-heavy, expensive and inconvenient, propped up by quick fixes such as inefficient mobile VPNs, the report said. Worse, a growing band of devices – the BYOD dimension - were sneaking past management altogether, creating holes in the security posture of organisations.

In Forrester's use of the term, 'stateless' means not making any assumptions about the device based on its type, location, apparent privileges to demand services and application access; these parameters should always be assessed anew each time the devices connected, said Forester.

In a sense, then, management is abolished to be replaced by device inspection, based on dynamic device inspection and 'zero trust'.

Where such assessment happened was also worth looking at, with cloud security services such as single sign-on (SSO) a good option as these approach authentication in a stateless manner that made no assumptions about such trust.

If this sounds abstract, the premis of the analysis is essentially plausible; security architectures must take account of mobility because eventually almost all business devices will to some extent be mobile.

“Mobility holds the promise of fostering new innovations, reaching new audiences, and most importantly, creating never-before-seen user experiences and business opportunities,” said report author, Chenxi Wang.

“A stateless architecture will engender big changes in IT operations and expectations of control, but the end result will be a coherent strategy that allows IT to provision services to any device dynamically.”

The reality is that for today's networks and admins the attractive vision of abandoning device management for a more dynamic security model is still some way off – networks encompass generations of legacy systems so ditching the stateful model is a long-term issue.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *