Wearables are secure enough for the enterprise – but only with the right policies in place
It’s no longer a matter of “if” but “when” for mass adoption of wearables in the enterprise. Whilst they haven’t been mass adopted by consumers, they have a huge opportunity in the enterprise, and the number of organisations already integrating wearable technology into their networks has nearly doubled since 2014 – increasing from 13% to 24%.
Although smartwatches have similar capabilities to mobiles, they become most beneficial when workers need to have their hands free or need information quickly. Smart glasses with augmented reality (AR), such as the HoloLens, can give workers on-the-job training on how to fix equipment or during a medical procedure. And fitness wearables are being used to motivate employees to lead healthier lifestyles. All these types of wearables are already having a huge impact in industries such as manufacturing, oil and gas, healthcare and other service sectors.
So as different types of wearables move into the workplace, what concerns should enterprises have?
The concerns around implementing wearable technology in enterprises vary by device. However, as all wearables have risen in popularity, the biggest concern is over security and privacy. All devices can store and transfer data easily, making them a natural choice for the enterprise, but because they often don’t come with built-in security, there’s a lack of encryption, insufficient authentication and other vulnerabilities. And as the value of wearables can rely on full integration and an instantaneous connection with an organisation’s servers, it leaves corporate data open to unwanted security breaches.
Despite organisations’ concerns over security and privacy, the survey from Spiceworks also revealed that of the businesses implementing wearables, only one in three are actively preparing security precautions. So can we make wearables secure enough for mass adoption in the enterprise?
If managed properly - yes - wearables are secure enough to be used by the enterprise. Businesses simply need to understand the security risks of each wearable and follow best practice to keep core data secure and annul the risk of a security breach.
There’s a varying scale of security risks and requirements for different devices. If you’re investing in an off-the-shelf Apple smart watch, you’ll find it may have a reasonably high level of security, and it connects via a smartphone. However, smartglasses that connect over Wi-Fi, or custom wearables, have much less security.
A lot can be learnt from the integration of smartphones, enterprise mobility and the creation of bring your own device (BYOD) policies. You need to assess the value of your core data, understand the specific threats and establish what data sets are required for specific tasks. Understanding what data the wearable needs to access for specific tasks will help guide you on how to secure your network and establish where to restrict usage to prevent any privacy violations.
Managing a multitude of different devices is a huge challenge for any organisation, so managing the applications your employees use and how they access them is vital. Clear guidelines and security policies should be created to communicate wearable usage to your employees. It might be worth expanding your BYOD policy to include wearables, or even creating a wear your own device (WYOD) policy that sits alongside your BYOD policy. There are numerous additional functions that you need to consider, including video and audio recording, geo tracking and health trackers.
The policy should explain the purpose for using wearables, how they should and shouldn’t be used and guidelines on updating security controls. It’s also worth stating specific locations, inside or outside the workplace, where the devices can’t be used, and restricting video and audio recordings.
From a technical perspective, IT departments need to ensure any confidential data can only be accessed via approved apps that require user authentication and that only the minimum amount of data is collected to support business tasks. Reducing the amount of core data that can be accessed via a wearable reduces the security risk significantly. In addition, consider setting up a separate guest network for employees to use with smart devices that typically rely on Bluetooth or Wi-Fi.
Finally, utilise security-tested APIs and manage how the app connects to your core systems. Restrict certain functionalities and limit the amount of data the app can access at any one time.
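The three technical controls above (approved apps with user authentication, task-scoped minimum data, and a cap on how much can be pulled at once) can be enforced in one place at the API layer. The following is an added sketch, not code from this article; the app IDs, task names, field names and record cap are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy data, constructed for this example.
APPROVED_APPS = {"field-assist-glasses", "ward-watch"}
TASK_FIELDS = {  # task -> the only fields that task needs
    "equipment_repair": {"asset_id", "model", "repair_steps"},
    "ward_round": {"patient_ref", "bed", "next_medication_due"},
}
MAX_RECORDS_PER_REQUEST = 5  # assumed cap on data returned per call


class AccessDenied(Exception):
    """Raised when a wearable request falls outside policy."""


@dataclass
class WearableRequest:
    app_id: str
    user_authenticated: bool
    task: str
    requested_fields: set
    limit: int


def authorise(req):
    """Deny by default; return (fields, record_limit) for an in-policy request."""
    if req.app_id not in APPROVED_APPS:
        raise AccessDenied("app is not on the approved list")
    if not req.user_authenticated:
        raise AccessDenied("user has not authenticated")
    allowed = TASK_FIELDS.get(req.task)
    if allowed is None:
        raise AccessDenied("unknown task")
    extra = req.requested_fields - allowed
    if extra:
        # Reject rather than silently trim, so over-asking shows up in logs.
        raise AccessDenied(f"fields outside task scope: {sorted(extra)}")
    return sorted(req.requested_fields), max(0, min(req.limit, MAX_RECORDS_PER_REQUEST))


def serve(req, records):
    """Return only the authorised fields of at most the capped number of records."""
    fields, limit = authorise(req)
    return [{f: r[f] for f in fields if f in r} for r in records[:limit]]


# Constructed sample records: core data holds more than any wearable task needs.
SAMPLE_ASSETS = [
    {"asset_id": i, "model": "PX-200", "repair_steps": "see manual",
     "purchase_cost": 12000, "supplier_contract": "confidential"}
    for i in range(20)
]
```

Because every request passes through `authorise`, adding a new wearable task means adding one allowlist entry rather than widening what existing apps can read.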
As employees continue to bring smart watches and other devices into the workplace, businesses need to adapt. You need to recognise the potential of adopting the technology and understand the benefits and the risks it brings to your business. There are numerous solutions for securing your core data, and if you’re investing a lot of money into wearables then invest the time into ensuring your data is protected. Providing you’ve done this, security risks are removed and wearables are completely safe for the enterprise.