Wearables are coming into the enterprise whether we are prepared for it or not. This new consumer trend is frequently making headlines with the emergence of fitness bands and smartwatches, Google Glass and even rings on our fingers.
It makes sense: technology has become an integral part of our lives. Not only can these devices act as a natural extension of the smartphones we already use regularly, but they also are designed to provide and collect information in more natural ways.
Just as with BYOD, the emergence of wearable technology is bringing with it new security threats and vulnerabilities. Each one of these connected devices represents a potential access point for hackers to obtain sensitive data. In my opinion, wearables are likely going to suffer the worst security problems amongst the Internet of Things (IoT), as they contain the most personal data.
Below are tips to ensure sensitive personal and corporate data accessed and stored on wearable technology is kept secure in the emerging era of BYOW, or bring your own wearable:
1. Don’t take data for granted.
Smartphones, tablets, wearables and other connected devices are collecting a host of extra information that can put consumers and corporations at risk. GPS logs, for example, can track where you work, where you pick up your kids from school, which ATMs you stopped at and which medical clinics you visited.
Identity thieves and blackmailers who wish to gain insight into your company’s info, your bank account and your medical records can hack your wearable devices to find this valuable information. Furthermore, tracking information in a wearable device isn’t just useful to stalkers. It could also be used by competitors to alert them to which clients, vendors, partners and investors you’re meeting with. Recognizing that all data has value is the first step in ensuring it remains in safe hands.
2. Choose substance over style.
The dominant mobile operating systems of today have become much more user friendly over the past few years. Apple, Google and Microsoft have all delivered world-class mobile user experiences that provide more power and freedom than ever before, pushing the “Security vs. Usability” trade-off to the forefront of IT conversations. Meanwhile, many enterprises struggle to keep up with this innovative and powerful extension of the worker outside of the office.
On the flip side, users are beginning to recognize that a great user interface is not the only requirement – security and privacy have become just as integral. In a 2014 study, American multinational corporation Fortinet found that 70 percent of its respondents are “extremely concerned” or “somewhat concerned” about data breaches or having sensitive personal data compromised.
The first wave of wearables was not designed for the enterprise, making this consumer technology a significant threat to business security.
The second wave that we’re seeing now is much more sophisticated and of more benefit to enterprise workers for productive mobility. Hopefully, this means they will have more robust security features built in, but in all likelihood they will have even more access to sensitive data without a comparable increase in security. In order to keep corporate information safe, companies must protect the most appropriate assets while allowing the end users to access the functionality provided by the manufacturers.
3. Use a containerized approach.
Mobile operating systems are leaky by design because they make data easy to move from one app to another, one device to another and one user to another. This ease-of-use has profound implications in terms of security because using something that’s incredibly easy to set up and use means there is very little control over the data replication. For enterprises, this can create a security problem if employees bring unsecured devices in the workplace for work purposes.
Keeping enterprise data in separate, encrypted containers on smart devices has made it possible to control where the data goes next. Policies can be put into place that control the flow of alerts to paired wearable devices as well as controlling the flow of data between apps.
For example, an IT department can allow email subject lines or meeting reminders to get sent to a smartwatch but not allow full access to emails or Office documents on the smartwatch.
To secure any mobile technology, enterprises need to adopt a containerized approach where corporate data is separated from personal data and secured. According to Gartner, smartwatches will make up 40 percent of consumer wristworn devices by 2016. While just a year ago only two of the top 10 smartphone vendors were in the wearable space, today nine out of the 10 top smartphone vendors have entered the market.
Wearable technology is on the rise, and just as we saw with BYOD, employees will continue to bring wearable devices to work to increase efficiency. Many enterprises are just now planning and implementing their overall mobile strategies and policies to ensure the security of corporate data, and wearables must be a part of that discussion.