The Taming of Wearable Devices

by in Security
Just when we thought we had BYOD under control, the world was introduced to a whole new animal of mobile devices: wearable technology. Whether information security professionals can control this new beast—running rampant and creating significant risk—is the question facing IT security today.

"Hackable watch of the future!" by Robert Scoble via Flickr.com

BYOD and mobility remind me of the Jurassic Park film franchise. In the first movie, scientists figure out how to create dinosaurs, which provides an exciting prospect for a theme park. But the paleontologists were skeptical of how safe it was to have dinosaurs around people and the obvious and ominous foreshadowing culminates in an ending that doesn’t go well. Back at it again, in the newest film, Jurassic World, scientists and park developers think they’ve figured out how to safely contain dinosaurs in a theme park for human amusement and education. But with the pressure to deliver ever more impressive dinosaurs, scientists create the “Indominus Rex”, which is a hybrid as dangerous as it sounds. Needless to say, things go wrong again. Perhaps, if organizations aren’t careful, wearable devices could become the Indominus Rex of the enterprise.

Taming the First Wave of BYOD Devices


Although mobile and wearable devices can’t eat you, there is a parallel to the films. Employees were excited about BYOD. It was cool that you could use your personal mobile devices to get your work done (and also play Angry Birds when no one was watching). However, like the paleontologists and other experts in Jurassic Park, IT security professionals weren’t 100% sold on BYOD. Sure, it could increase productivity and employee morale, but what about the vulnerabilities? Outside of the workplace, BYOD devices often communicate on insecure networks. Plus, there is the risk of the device getting lost or stolen. After frustrating attempts at using mobile device management (MDM) to secure devices, many organizations are shifting towards more useful mobile application management (MAM) solutions. This method focuses on the applications on the device rather than the device itself. With the advent of MAM, it seems like organizations have tamed BYOD.

Security Concerns of Wearables


Enter wearable technology, a new breed of mobile device. While these wearable devices also aren’t carnivorous, there are many security unknowns:

  • How secure is the Bluetooth connection between these wearable devices and other mobile devices?

  • What sort of authentication needs to be in place?

  • How much stored information on the wearable device will need to be protected?


These are questions that need to be addressed before wearables can be let loose in the enterprise.

The Business Potential of Wearable Technology


Although security concerns exist, many of the initial apps for wearables seem as suited for business purposes as they are for consumer enjoyment. For example,

  • Smart glasses can display video feed from endoscopies, fluoroscopies and other procedures for surgeons.



Other industries will probably find even more uses for wearables. It’s too early to tell, but the main difference between wearables and the initial BYOD trend could be that organizations will provide the wearable technology for their users, as opposed to users bringing their own wearables to work. If this reversal in who provides the device does occur, then IT organizations can proactively take measures to secure the wearable devices.

But, if employees start to bring wearables to work before organizations are ready, we’ll be in the same place we were when the first wave of BYOD hit. The bottom line is, IT security teams need to consider how to allow the benefits of wearables without the security risks. We can’t rest on our laurels, believing that we have BYOD issues completely solved. After all, that was the critical mistake they made in Jurassic Park and Jurassic World.

Labels:

Identity & Access Mgmt
Anonymous