Wearable technology and securing the data: Parallels with the smartphone revolution
Enterprise employees are looking more and more at using wearable technology in the workplace. A recent piece of research showed that males aged 18-34 and those with children at home are most interested. They either own a wearable or want to buy one – and they want to use it at work.
Unfortunately, it’s not as easy as that. More research papers than you can shake a stick at warn of the dangers of connecting business-critical data to smartwatches. It’s not just the apps, or the device either: a recent test by Context Information Security showed an alarming ease at which hackers could track devices through Bluetooth Low Energy (BLE).
So what can you do? Sean Ginevan, senior director of strategy at enterprise mobility management provider MobileIron, notes there “aren’t really a lot of options” to ban wearables outright from an enterprise organisation. Referring to BLE, he tells WearableTech: “The only way to block devices like the Gear, or Android Wear, either are to disable Bluetooth, which nobody really wants, or to ban the pairing apps, which also isn’t a great user experience either.
“What we’ve been doing with customers is educating them on the risk, and saying a lot of wearables today are less of a technology issue and much more of a policy and governance issue.”
Put simply, it’s a case of asking end users whether they’re allowed to bring wearables into the enterprise, and if so, what types of data they are allowed to be engaging with.
As this publication has previously explored, there are plenty of use cases out there for smartwatches, particularly those employees who need to use their hands. Take the oil and gas industry. On a big oil rig, a processing app which would normally need a smartphone or tablet could be taken down to a smartwatch. It won’t distract the employee from the task at hand, and more importantly, there won’t be a ‘glug’ sound when the expensive iPhone falls into the sea.
For Ginevan, it’s about taking a portion of an application – processing, alerting – and utilising the wearable device best. He explains: “I think the challenge with wearables is that, as a technology, they’re super early, and much in the same way how the original consumer class of smartphones entered into the enterprise with very little security behind them, wearables are very much in the same boat.
“So the types of enterprise security features that one would think are important, like remote policy administration, or configuration, or even encryption, aren’t generally present on today’s class of wearables.”
From the application perspective, devices such as the Apple Watch can drive notifications from the phone whether your app is “wearable enabled” or not. The real question, however is: are these users working with a lot of personally identifiable information (PII), and do you want these level of users to have wearable devices, knowing the notifications can be automatically driven to the smartwatch?
“Generally, [with] the security, we’ve not seen a glut of ‘hacks’ over wearable devices, and generally these devices are designed such that if they become unpaired from the phone there’s very little data exfiltration, but there’s still lots of cases where data can remain resonant on the watch even when it’s away from the phone,” Ginevan notes.
“So enterprises really need to be thinking through and saying – if you’re dealing with financial records on a regular basis, or healthcare records on a regular basis, you may or may not be allowed to have a wearable, depending on what that data classification is or what the sensitivity of the data is.”
He adds: “The good news is that there are ISVs out there who are taking wearables very seriously, and they’re bringing forth data security into their applications. So even though the endpoint itself, for example, might not support encryption, the application is supporting that, so the application can go and provide that presentation layer and those notifications in a secure manner without running the risk of PII data being stored in an unencrypted way.”
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.