Kitted out for defence: safeguarding the wearable workforce

For the last few years the rapid absorption of consumer mobile devices in the enterprise has been empowering workers from every sector to be productive in new and novel ways. Some would argue that the wave of wearable devices now hitting the consumer markets could be the natural next step to this, with the same kind of security issues that IT departments are having to tackle around BYOD (Bring Your Own Device).

Forrester analyst JP Gownder, who researches extensively around mobility and consumerisation, certainly believes that 'wearable devices — and the apps, software, and services that make those wearables truly valuable — will change the way workers do their jobs and how consumers manage their lives.'

In his report 'The Enterprise Wearables Journey' published in January this year, he was unequivocal – 'workers and business people are cognitively and behaviorally ready to embrace wearable technology as an extension of mobility — and to weave it into their business processes.'

But what's interesting, says Gownder, is that the enterprise uptake of wearables for bespoke users may eclipse the consumer market- which at the moment is stuck in its hype bubble.

For consumers, wearables are wrapped up in cultural patterns and can create blowback, says Gownder, 'as the derisive monkers popping up for Google Glass users and news reports of banning can attest to.'

Enterprise wearables, however, could soon be seen as professional tools, 'no more threatening than a doctor's stethoscope or a UPS driver's electronic clipboard.'

Knowledge workers sitting at a desk all day might not find much use in hyper-portable and hands-free wearables but so far developers for products such as augmented reality (AR) smart glasses are finding numerous applications in the warehouse, assembly line, hospital or out in the field working on oil and gas pipelines.

It's a utopian vision for the workplace of the future in which everyone will effectively become 'knowledge workers' empowered by data.

Google may be having some teething problems convincing the average person in the street that they need the kind of information they get on their smartphones right in their line of sight at all times, but their latest marketing video showing firefighters accessing floorplans and other critical information in a burning building is hard to contest.

AR smart glasses in particular are ideal for those who need to access data while keeping their hands free for tasks such as viewing a patient's records whilst carrying out medical treatment. In the case of early innovator EasyJet, it's currently undergoing a major trial of various smart glasses to assist its aviation engineers on the tarmac in its locations around Europe, feedimg them live overlay information and technical assistance while they work.

> See also: WYOD – is your organisation prepared for the wearable onslaught?

Developers have had early success applying enterprise-specific software on top of consumer wearable devices – like Wearable Intelligence, who has several customers in the energy and healthcare sectors running paid pilots using software designed for Google Glass.

The developers say they have removed the consumer-facing software that ships as standard with Google Glass and replaced it with their own enterprise-grade application that has been built from the ground up for security. No sensitive information is stored on the device itself -the patient information accessed via Glass and Wearable Intelligence software stays within the hospital's computer systems, says the company, and are accessed via an encrypted web connection and a cache-less browser.

Adapting consumer to enterprise

But as Sian John, senior senior strategist for security software firm Symantec argues, adapting consumer technology for the enterprise market still comes with its security pitfalls.

She points out examples of consumer wearable and Internet of Things (IoT) type technology that have come out without security and then had it bolted on afterwards – and how this often means problems down the line.

'In the case of the first iteration of smart energy meters a few years ago, because they had to be small devices they had to have the right price point,' says John. 'They weren't big enough to include any security features such as certificates to authenticate or encrypt the device. So it's often the case that we adopt the technology first and then think about securing it.'

In the case of smart energy meters, last year the government brought out a new smart metering protection to safeguard customers' personal data, disallowing the collection of real-time data- but only after over 1.5 million smart meters had already been installed as part of pilots, and privacy watchdogs pointed out the glaring concerns.

'A home home security and baby monitor company in the US brought out a product whereby you could watch it through an internet feed, but didn't even put the basics of a password on them, so anybody could look at babies in cots or see inside a home,' says John. 'In that case the Federal Communications Commission (FCC) is pursuing a court case against the company.'

Eye-catching features

Whether security gets included in a piece of wearable tech is always a gamble, says John, because consumer developers have limited budgets and prioritise the type of features that are more likely to make them fly off the shelves.

All of this adds extra worry for IT departments anticipating that BYOD (Bring Your Own Device) will soon be replaced by WYOD (Wear Your Own Device).

Gownder argues that when it comes to BYOD in enterprise, the reality is that 'something is lacking in the general- purpose technology approach that we’ve employed for years, and thus the one-size-fits-all approach is getting snug.'

Instead, he says, infrastructure and operations managers 'should be looking to 'enterprise-provided wearables' for greater immediate value than BYODs for both workers and their employers.'

> See also: Google Glass in the workplace: the business potential 

Enterprise-provided wearables could mean enterprise-oriented product designs better equipped to solve the complex technical problems of a specific job role. And they could offer a more seamless integration with the rest of company infrastructure – companies like Intel and Samsung are building API platforms to integrate wearable devices into standard IT systems.

The real value is in their improved security, however, says Gownder. Enterprise-provided wearables can be fitted with enterprise-ready security tools, such as the Samsung Gear smartwatch which can be supported by Samsung KNOX enterprise security platform. IT departments can also employ geofencing, allowing different levels of access to information depending on an employee's location- for example controlling access to patient information when a doctor leaves the hospital site.

Evolution, not revolution

As in the case of the KNOX service, much of the security technology around wearables will naturally evolve out of the mobile space and existing network solutions.

One area of technology that's been around for around for at least a decade that could be adapted for wearable technology networks are certificates on public key infrastructure (PKI)- which have seen a resurgence of interest thanks to mobility and the Internet of Things.

'Through this you can authenticate access, and more importantly encrypt end to end, including the person doing the update,' says John.

But as she points out, a bigger challenge will be around authenticating an individual user's access to potentially very sensitive information in a mobile setting that may require workers to be hands-free.

'When you're an engineer out in the field working on a jet engine, how do you authenticate?' she asks. 'I don't want to have to put a 25 character passcode in on a thing that doesn't have a keypad.'

> See also: Google Glass vs. Microsoft's smart headband: battle of the wearables

'I've written before about how passwords are awful, and the hope is that wearables might make them obsolete. It's got to the point where passwords are easier to crack than they are to remember them, and all of them have to be changed each time a breach happens.'

However the need for workers to use their hands while on the job, or wear gloves, may rule out biometric identification such as fingerprints.

The 'Nymi' wristband from wearable computing startup Bionym is the first wearable authentication product that uses electrodes on the wrist to read a user's unique electrocardiogram (ECG), communicating it via Bluetooth to other devices nearby. After their identity is validated once it removes the need for other prompts such as passwords or fingerprint scanning.

Let me in

Gownder predicts that, in future, wearable devices could be used as authentication across virtual and physical identification including payment at tills and physical spaces such as offices, locked doors or special-permission zones.

But many have warned that biometric authentication comes with one quite major flaw. Once a person's credentials are compromised, they cannot be reset in the same way as passwords, opening up a potential market in trading biometric data for opportunist criminals.

One potential alternative that John has proposed is the concept of a 'personal area ID,' where contextual authentication could be based on looking at all of a person's devices in tandem.

> See also: Smart glasses will fail without augmented reality, research predicts

'The technology is not with us yet, but there's a potential for this,' says John. 'I could look at you and look at what devices you're supposed to have and build a bigger picture around that, for a greater chance that it's you. So if you've got the glasses and mobile phone, or health monitor and tablet, and they're all in the place they're meant to be, it would be based around the combination of these things together. The more technology we have the more options we give ourselves for authentication.'

There is a lot of speculation about the kinds of threats that will evolve in the wearables space, but as John points out, we won't know until the technology is out there being used in enterprise.

It won't sneak up on IT departments overnight – Gownder predicts that the enterprise wearables movement will unfold over a decade, with piloting and early adoption over the next few years gradually turning to mainstream adoption towards 2020, and business-centrality in the years beyond.

But forward-thinking enterprises 'need to start putting together a road map for thinking about how wearables can improve their businesses over the next few years.'

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data