Keep a (smart)watch on wearable technology
This year, we are really set to witness the take-off of wearable technology. In fact, research and market intelligence company IDC estimates that the wearable devices market will reach a total of 19.2 million units in 2014.
The launch of exciting new gadgets, like Fitbit devices and Jawbone’s UP bracelet, can be seen all over the news. Earlier in the year much fuss was made of the first big come-one-come-all Google Glass sale. The tech giant reported that, in just a few short hours, all of the Glass had sold out. And, if the rumours are to be believed, we should soon see Apple enter the wearable tech scene with its iWatch product, which has been hotly anticipated for a while now. All this hysteria supports Gartner’s prediction that the wearable technology market will be worth a staggering $10billion by 2016.
Moving from desktops to wearable technology
In the past, we have watched as our computing devices have moved from the desktop to our laps. More recently, as we have become increasingly connected and reliant on the internet, we carry computers in our pockets. Now, as technology moves to our bodies, it’s important to be mindful of the risks and implications of these new devices. For example, fitness bands that monitor and capture information about our health (and send it to the internet for diagnosis) are a remarkable step forward for medicine in many ways. But devices that can track our movement using GPS could provide a malicious user with details about our daily routines and patterns, as well as our current location.
Aside from the questions about what wearable technology means for the privacy of an individual, there’s the huge question of what the security implications of connecting these kinds of devices to the corporate infrastructure will be. Employees who bring these devices into their place of work will generally be more focused on factors like battery life and screen size. They won’t necessarily be giving much thought to security controls, leaving the door wide open for potential fraudulent data capture. For an IT team that is already defending their organisation against constant and ever more sophisticated cyber-attacks, wearable technology could cause a serious headache.
Policies
As an extension of BYOD, businesses should already have information and network-security policies in place to cover many of the concerns applicable to wearable technology. Although most IT departments already have guidelines that address such issues as workplace social networking, safe computing and BYOD usage, wearable technology raises several questions for the further development of these standards.
For instance, which employees will be allowed to use wearable technology in the work place and which will not? Will anyone be required to use it to do their job and, if so, how will personnel be identified and approved for its use? In addition, businesses should think about whether to restrict capabilities, such as by disabling certain features and figuring out where in the organisation wearable technology will be allowed or prohibited.
Benefits of wearable technology
However, despite the potential risks, the advantages of BYOD and wearable technology are often difficult to ignore. Mobile devices and wearable technology can have a potentially fantastic impact on business applications.
For example, imagine a factory worker being able to recall complex technical information for equipment without having to carry a heavy laptop around. Other industries, such as real estate, where employees spend much of their time away from their desks could also benefit massively from the freedom offered by wearable tech.
In order to regain control of the security risks from wearable technology and reap the benefits for business instead, IT security professionals must have complete visibility of everything in their environment. They can then establish the level of risk and secure it appropriately. For most enterprises the right solution is to implement policies that clearly define the proper use of employee-owned devices (to ensure they are only used in a business relevant way) and then have enough checks and controls in place to enforce those policies.
Ultimately, the security of mobile devices can be established by working through the following three phases:
- Before – Establishing control over where, when and how mobile devices are used and what data they can access and store.
- During – Visibility and actionable intelligence to identify threats and monitor the activity of risky devices on the corporate network.
- After – When the network is inevitably compromised, be being able to retrospectively review how the threat entered the network; which systems it interacted with and what files and applications were run.
At the end of the day, where IT security is concerned, there is no silver bullet and, as cyber criminals become ever more cunning, it is a major challenge for organisations to stay one step ahead. However, it is increasingly becoming the way companies deal with hacking incidents, when they actually occur, that really matters. Having smart plans in place to detect, prevent and, if necessary, remediate quickly can mean the difference between a minor technology hiccup and a full system meltdown.
Sean Newman
Security Strategy,
Sourcefire
