The threat isn't immediate, but adoption is expected to surge when the price of Google's Glass device drops to as low as £150 by 2018. As similar wearable technology continues to appear, security strategies will be tested as a deluge of data-hungry devices enter the workplace.
Google Glass will inevitably be targeted by cyber-criminals, attracted by its valuable data. The risks span multiple vectors: the devices will be open to corporate espionage from competitors. Additionally, data privacy laws can be unknowingly breached by firms that have underestimated wearable technology's impact.
Questions are being asked about Google Glass' potentially porous application security and whether web traffic is encrypted. To make matters worse, the device runs on the vulnerable Android operating system (OS).
However, Google Glass also has strong business advantages that will see it appear in the workplace outside of Bring Your Own Device (BYOD) scenarios. Experts predict there will be take up in industries where workers use their hands but need to get alerts at the same time, such as manufacturing, and a ‘Glass at Work' programme is encouraging creation of apps for specific industry sectors.
Even so, the threat is being taken very seriously, not least by the Information Commissioner's Office (ICO) - which is currently considering responses following a consultation on updating its CCTV Code of Practice to include wearable technology.
Immediate concerns centre around privacy due to “hidden” cameras, says John Pironti, risk advisor with ISACA and president of IP Architects. In working environments where there is close contact, Google Glass could catch passwords or screen shots, he warns. James Frost, senior iOS developer of app consultancy Mubaloo, says this will make it necessary to lock the device down in certain locations.
To counter these risks Google has built explicit signals into the device. The screen is illuminated when in use, taking a picture or recording a video. Users need to speak a command or take an action by pressing the button on the top of the device's frame. In each case the illuminated screen, voice command or gesture make it clear what the user is doing, Google says.
The issues Google Glass raises are similar to mobile phones with cameras, says William Long, partner at Sidley Austin LLP. “The ICO has indicated that many of the issues are not new. But the argument is, there is a difference: it's not as clear when you are wearing it that recording is taking place.”
Big data analytics add to complexity and firms must ensure they process data lawfully, Long says. “You are only meant to collect data that is relevant and necessary for the purposes it will be used for. That puts a tension between this and ‘big data' which is the exact opposite. For all these different types of technologies with different types of data, you need to work out how you collect that information and be proportionate.”
As the price comes down, Google Glass will appear more on the office floor. Managing wearable devices - including those that monitor heart rate while synchronising to mobile phones and clouds - in the workplace is the bigger overall nightmare, Rik Ferguson, vice president security research at Trend Micro says. “A lot of people think they don't care if people know what their heart rate is. But as attackers develop big data analytics techniques, they can keep track of your data. Think of how targeted things can be if they know what you see and where you are.”