Wearable Tech: Are You Wearing Your Next Security Breach ‘On Your Sleeve’?

Posted by James O'Brien on November 12, 2013

What is your IT department doing about Google Glass? What do your admins know about smart watches, from Samsung to Sony? Is your company ready for wearable tech?

 

Wearable web-connected devices are here, and they're not going anywhere. Some analysts predict this market will hit $19 billion by 2018, bringing a new spectrum of data-security concerns with it.

 

For a look at how this new wave of mobile will break for IT admins, let's turn to experts who are working on the issues raised by wearable tech. We'll examine some key sensitivities, as well as some helpful strategies.

 

What Changes for IT Security?

"I look at all devices as endpoints," said Rick Dote, chief information security officer at DMI. "And there are protection standards for endpoints for encryption, credentials, and vulnerability management. If there are ways to lock down or monitor devices, insert strong credentials, and encrypt, then I don't have a problem."

 

But how exactly IT admins will have to lock down wearable tech is still murky, as it’s unclear whether employees will actually enter passwords for apps such as SharePoint through devices like Google Glass.

 

"But if so, then does it meet my standards for 'strong' credentials?" said Doten. "If I can make it work, then fine; if not, then they can't access it."

 

Similarly, what if an employee wants to get their email from their smart watch? Is some or all of that data stored on the watch, and, if so, does it meet a given IT department's protection standards? IT departments may be forced to limit what data can be stored on wearable devices.

 

"Additionally, because these devices have little, if any, security solutions, they can be easily hacked and data could be obtained without the user's knowledge," explained Jerry Irvine, chief information officer at Prescient Solutions. "Also, because of the lack of security software and access to control solutions, if these devices are breached they could infect other devices on the company’s network."

 

Wearable Strategies: Key Steps

When it comes to heading off wearable tech's potential nightmares at the pass, the good news is that a lot of the probable best practices are going to sound familiar. But there are also new frontiers.

 

For some advice, we turned to Irvine, as well as Brian Foster, chief technology officer at Damballa, and Christopher Budd, threats communication manager with Trend Micro. Here's what they recommended:

 

  • Authenticate. Require multi-form factor authentication for all in-house applications. "Smart phones and wearable technologies may not require passwords, and have limited access controls," said Irvine. "However, applications can mitigate this risk by performing their own higher levels of authentication and access controls."
  • Re-configure. When allowing wearable technology to be used in-house, require the Internet connection to be configured to use the company’s network, Irvine also suggested. For example, configure a smartphone to access the company Wi-Fi and then tether the wearable device so that it uses the company’s network. Once this is completed, IT will have the ability to monitor and filter the communications link of the wearable device.
  • Concentrate. According to Foster, IT should consider shifting its focus, control, and budget to the areas that it can still directly limit. "IT should work under the assumption that these devices are infected [and/or] unprotected and on their network," he said. "With that assumption, IT needs to invest in network behavioral detection in order to protect the 'crown jewels'!"
  • Cooperate. Wearable tech is part of what we call the Internet of Everything, the connecting of things other than computers to the web. The more the Internet of Everything becomes real, the more online threats have real-world consequences. "So, IT should work ever more closely with groups that have concerns about real-world consequences." said Budd. "HR, legal, and the physical security group [should] form comprehensive responses to these evolving threats."

 

No matter which specific products take root, IT admins will soon be looking at the ways their company's policies work through a whole new, wearable lens.

Posted in: News

Close

Sign Up for The Plug eNewsletter

Stay connected to the IT news that matters most.

Thank you

You have been sent a confirmation email to the address provided. To start receiving The Plug eNewsletter, confirm the address by clicking the link in the email.