As wearables enter the workplace, IT revisits BYOD lessons

Every wearable device gives hackers a potential new way into sensitive company, employee or customer data

Related topics
BYOD
Data
Mobile
Security

Related articles

Wearable technology: a cyber risk on your wrist?
Wearable technology: looking at the data behind the buzz
WYOD - is your organisation prepared for the wearable onslaught?

Share article

Short of time?

Print this pageEmail article

'Data-centric security is the best way to welcome smart devices into the workplace'

 

With the Internet of Things (IoT) market going nowhere but up, it won't be long before we see wearable technology playing a major role in the workplace.

The number of internet-connected devices at work is increasing, and so are the security risks.

In fact, some experts expect this phenomenon to mimic the bring-your-own-device (BYOD) conundrum. 

>See also: Wearable technology: looking at the data behind the buzz

The security challenges of wearable devices are at once both brand new and a reprisal of the same struggles enterprises faced when employees started using their own smartphones and tablets to increase their productivity and satisfaction at work.

Now, IT must return to the strategies and lessons learned from the BYOD challenge to help them manage and secure company data in the age of IoT.

What wearables mean to enterprises

Businesses have spent years figuring out how to secure their data in a landscape where more and more employees choose to edit, collaborate and share files via their own smartphones, tablets and laptops.

Some companies are further along than others in carving out their BYOD policies, but almost all businesses need to get ready for what’s coming next.

Consumers are embracing wearable devices, and early adopters have already begun to experiment with ways to use their smartwatches, smartglasses, activity trackers and other products at work.

It’s time for enterprises to begin crafting their wear-your-own-device (WYOD) policies to ensure that sensitive data isn’t compromised by their employees’ wearable computers.

But first, IT teams need to understand how and why line-of-business users might leverage WYOD.

For example, an engineer in a manufacturing business might like the hands-free option of a product like Google Glass. Whereas such an employee might once have printed product designs or carried them on his tablet to his workstation, Google Glass would allow him to view step-by-step product instructions right in front of him as he works.

The engineering process would become safer and more efficient, although the security of those product designs would become questionable without IT action.

In the healthcare field, patients and doctors are already embracing wearables. A patient using a smart watch, for example, can give her doctor real-time data about her vital signs, including her heart rate, breathing levels, sleep patterns and body-temperature. That data can help the doctor customise her treatment and assess her progress.

>See also: Cyber security guide to the 10 most disruptive enterprise technologies

However, all of that data is regulated by privacy laws, and healthcare practices and hospitals need policies to ensure they stay in compliance.

In the entertainment business, actors could soon be accessing scripts via headsets so they can use their hands to get into character.

In the transportation market, internet-connected wristbands could track the sleep patterns of drivers to ensure that they actually take breaks to rest before getting back on the road.

In virtually every industry, wearables bring the promise of increased productivity, safer operations and enhanced collaboration. Unfortunately, they also bring security risks.

A brief history of BYOD and its security lessons

This is similar to the scenarios that played out around BYOD. Workers wanted the productivity and collaboration benefits of using their own smartphones and tablets, but enterprises feared that employees would share files and collaborate over insecure cloud services, putting companies and their customers at risk.

First came access – users began using everything from their personal email accounts to file sync-and-share services to get their content on their new devices.

Soon afterward, related tools emerged to work with that content, including optimised viewers, annotation tools, and fully fledged editing apps.

The data flows involved were largely invisible to the enterprise – at best, a proxy or firewall would see the content leave the corporate network on its way to places unknown. It wasn’t long before IT recognized the need for better controls.

Effective policies to manage BYOD addressed three areas. Firstly, secure and enterprise-grade file sharing.

Employees were familiar with the public cloud services that targeted consumers, and they wanted similar options at work. IT teams that tried to outlaw such services without offering better alternatives failed. Instead, smart companies gave their staff tools with familiar interfaces and benefits, but tighter security and integration with legacy content repositories, like file shares or SharePoint.

Secondly, they addressed the protection of employee productivity and satisfaction.

Staffers want their own devices on the job because they help them work faster and get better results. When enterprises tried to lock out personal smartphones and tablets on the job, they either failed outright as employees circumvented IT and tapped into the public cloud, or they succeeded at the expense of employee happiness and efficiency. More effective BYOD plans leveraged permission-based file-sharing technology that protected sensitive documents.

Thirdly, these policies addressed document-level protection. Many devices brought into the enterprise can be managed, but others cannot. For example, a board member’s tablet might be used to access corporate data, but IT is unlikely to be able to install mobile device management profile on that device.

By protecting data at the document level and wrapping every file in a layer of unobtrusive protection, organisations could protect data on unmanaged devices and in the hands of external collaborators.

The WYOD mandate for IT

Enterprises can and should apply these BYOD lessons to the wearable trends they are about to face.

Every pair of smart glasses, every smart watch and every activity tracker potentially makes it easier for hackers to access sensitive company data.

The security threats posed by these wearable devices are similar to those companies faced and managed when BYOD first presented itself.

>See also: WYOD - is your organisation prepared for the wearable onslaught?

For both types of products, IT teams need to develop policies and deliver technologies that let employees enjoy the benefits of these tools without risking sensitive company data.

Data-centric security is the best way to welcome smart devices into the workplace while still ensuring that files are protected wherever they travel.

With wearable device adoption on the rise and the usage predicted to grow quickly, enterprises would be wise to start hammering out their WYOD policies now.

 

Sourced from Ryan Kalember, WatchDox