Wearable technology - don't let security be the trade-off for mobility and convenience

Wearable technology is already appearing in the workplace, so get your policies in place now says Sean Newman.

Wearable technology - don't let security be the trade-off for mobility and convenience
Wearable technology - don't let security be the trade-off for mobility and convenience

Wearable technologies, such as the much-coveted Google Glass, have been capturing the headlines recently. Analyst firm Juniper Research predicts that wearable tech shipments will grow 10-fold, reaching 150 million devices, by 2018.

With growing public interest in such devices, companies must stay ahead of the curve and prepare themselves for the challenges posed by wearable tech in the workplace. Much has changed since the first personal computers available for the masses. Over the subsequent three decades, computers have continued to shrink significantly in size and, at the same time, grow massively in performance. These technological advances mean that modern computers no longer need to occupy large spaces, or consume huge amounts of power - to the point now, with devices like Google Glass and Nike FuelBand, that they are even being worn as gadget fashion accessories.

While these wearable devices open up a whole new world of interconnectivity, they also bring issues regarding cyber security. One of the key concerns, with a device like Google Glass, is that the wearer could be vulnerable to hackers, who could potentially see and hear everything that he or she does.  Assuming the hacker is successful, they would be able to access all of the user's information and updates, as they happen. They would have details regarding all of the user's online accounts, their passwords and so on, without the user being aware of being monitored at all times.

Imagine how that would play out, if that wearable device was used maliciously in the workplace. As an example, with these devices, it is now easy and convenient to do an unobtrusive video or audio recording of computer screens and closed-door meetings. The damage caused – either physical, reputational or both - could destroy an organisation overnight. The increasingly innovative cyber-criminal community thrives on the challenge of new vectors for their attacks and I've no doubt that they already have wearable technology in their sights. 

Although most IT departments already have guidelines that address issues such as workplace social networking, safe computing and BYOD usage, wearable technology raises further questions for the development of these standards. As the use of wearable technology continues to grow, IT security teams should regularly review and monitor the situation. Should certain job functions be barred from using wearable technology in the workplace? Should others be encouraged? Should some features and functions be disabled to mitigate security risks? These are all questions that will need answering.

The benefits of wearable technology, and BYOD as a whole, are too strong to ignore and we certainly can't turn back the clock. What IT teams must do, to retain control, is ensure they can see everything in their environment, continuously, so they can establish risk-levels and secure it appropriately. For most enterprises, the right solution is to implement policies that clearly define the proper use of employee-owned devices in the enterprise and then have enough checks and controls in place to enforce those policies.

However, when it comes to today's targeted cyber-attacks, from hackers that are increasingly innovative and pervasive, traditional defences are becoming much less effective. It is, therefore, inevitable that some attacks will be successful. This means that organisations must ensure their security policies take this into account and that they consider a solution that enables protection across the entire continuum – before, during and after an attack – to minimise the effect of any breaches that could leave their business exposed.

Contributed by Sean Newman, Security Strategist, Sourcefire, now part of Cisco

close

Next Article in Opinion