Mobile security

Mobile devices necessitate “stateless” IT security architecture

Published 6 July 2012

In a new report, Forrester analysts say that to stay ahead of evolving mobile business requirements, security and risk (S&R) and infrastructure and operations (I&O) executives cannot rely on the old approach of end-to-end control over the data path, device, and applications; instead, they must embrace a “stateless” architecture in which IT decouples security controls from the devices and the infrastructure, derives trust dynamically, and avoids costly new investment in in-house applications and infrastructure.

A new report from Forrester looks at mobile security and operations. The report aims to help security and risk (S&R) and infrastructure and operations (I&O) executives understand the major business and IT trends which will affect the development of a future-proof mobile support strategy.

Forrester says that mobility holds the promise of fostering new innovations, reaching new audiences, and most importantly, creating never-before-seen user experiences and business opportunities. The new emphasis on mobility, however, comes with security risks.

Forrester analysts say that to stay ahead of evolving mobile business requirements, S&R and I&O pros cannot rely on the old approach of end-to-end control over the data path, device, and applications. Instead, they must embrace a “stateless” architecture in which IT decouples security controls from the devices and the infrastructure, derives trust dynamically, and avoids costly new investment in in-house applications and infrastructure.

In Forrester’s use of the term, “stateless” means not making any assumptions about the device based on its type, location, or apparent privileges to demand services and application access. These parameters should always be assessed anew each time the device connects.

The analysts say that a stateless architecture will engender big changes in IT operations and expectations of control, but the end result will be a coherent strategy that allows IT to provision services to any device dynamically, but with the controls needed to operate safely and in compliance.

The new report outlines four steps that S&R and I&O pros should follow to build a stateless architecture and to prepare for a future that supports anywhere, anytime, any-device engagement.

“Mobility holds the promise of fostering new innovations, reaching new audiences, and most importantly, creating never-before-seen user experiences and business opportunities,” report author Chenxi Wang told Computerworld. “A stateless architecture will engender big changes in IT operations and expectations of control, but the end result will be a coherent strategy that allows IT to provision services to any device dynamically.”

— Read more in Prepare for Anywhere, Anytime, Any-Device Engagement with a Stateless Mobile Architecture