Computing devices have evolved remarkably in this century. They have moved from our desktop to our laps, then to our pockets and now onto our bodies.
Research and market intelligence company, IDC estimates that the wearable devices market will reach a total of 19.2 million units in 2014, driven primarily by gadgets such as Fitbit devices or Jawbone's UP bracelet.
If industry predictions run true, 2014 will be the year that wearable technology really takes off. Earlier this month Google kicked off its first big come-one-come-all Google Glass sale, opening up the future-forward devices to people beyond the few thousand initially chosen to be beta explorers.
In just a few hours, Google claimed that all the Glasses sold out. And if the media rumblings are true, we should soon see Apple entering the wearable tech scene with its iWatch product that has been hotly anticipated for some time.
But as people connect more and more to the internet, it’s important to be mindful of the risks and implications of these new devices. Fitness bands that monitor and capture information about movement using GPS can provide a malicious user with details about our daily routines and patterns as well as our current location.
Beyond these questions around data protection and privacy, there’s the huge enterprise question of what the security implications of connecting these kinds of devices to the corporate infrastructure will be. And for the IT team that is already defending their organisations from ever more sophisticated cyber criminals, wearable technology is just another attack vector that needs defending.
As an extension of BYOD, businesses should already have information and network-security policies in place to cover many of the concerns applicable to wearable technology. Although most IT departments already have guidelines that address such issues as workplace social networking, safe computing and BYOD usage, wearable technology raises several questions for the further development of these standards.
For instance, will all employees be allowed to use wearable technology, or will certain types of employees be barred from doing so? Will anyone be required to use it to do their job? And how will personnel be identified and approved for its use?
In addition, businesses should think about whether to restrict capabilities, such as by disabling certain features and figuring out where in the organisation wearable technology will be allowed or prohibited.
However, despite the potential risks, the benefits of BYOD and wearable technology are often too strong to ignore. In order to retain control in this mobile world, IT security professionals must be able to see everything in their environment, so they can establish risk level and then secure it appropriately.
For most enterprises, the right solution is to implement policies that clearly define the proper use of employee-owned devices in the enterprise and then have enough checks and controls in place to enforce those policies.
At the end of the day, security of mobile devices is ultimately a question of three phases: before (establishing control over how mobile devices are used and what data they can access and store); during (visibility and intelligence is vital if security professionals can hope to identify and monitor threats on the corporate network); and after (retrospectively review how that threat entered the network and what it did).
Where IT security is concerned there is no silver bullet, and as cyber criminals become ever more cunning, it is a major challenge for organisations to stay one step ahead.
However, increasingly it’s the way companies deal with hacking incidents when they happen that really matters. Having smart plans in place to detect, prevent and if necessary remediate quickly can mean the difference between a minor technology hiccup and a full system meltdown.
Sourced from Sean Newman, security strategy, Cisco