Wearables security: Do enterprises need a separate WYOD policy?

Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.

With wearable technology becoming more readily available and mainstream, what are some of the security concerns enterprises should be aware of? Should enterprises create a wearables security policy?

Wearable technology -- think smartwatches, fitness trackers and smart glasses -- is one of the fastest growing IT trends, and adoption in the workplace could well mirror that of the smartphone. This raises new concerns for businesses around security, privacy and compliance. Many wearable devices can store and transfer data, but often don't come with built-in security options such as PIN protection or user authentication features, and they usually store data locally without encryption. Wearable devices also allow users to easily and discreetly record video and audio, while captured location information could provide a malicious user with details about daily routines as well as someone's current location.

Although there haven't been any major publicized attacks involving wearables yet, as the technology becomes more widely incorporated into business environments and processes, hackers will no doubt look to access the data wearables hold or use them as an entry point into a corporate network.

As with any new technology, organizations should conduct a comprehensive assessment of personal privacy and business data risks and compliance, as well as determine whether the use of wearables will benefit employees and add value to the business before spending the resources to secure it. Managing a multitude of new and different devices is a big challenge that has resourcing implications; administrators will need to understand the capabilities and security requirements for each device. Bear in mind, though, that banning wearable technology outright may well drive employees from shadow IT to rogue IT -- which is much harder to deal with.

In the near term, most wearable technology will need a companion smartphone to connect to the Internet, which couples it very tightly to BYOD. As a result, existing workplace social networking, safe computing and BYOD usage policies are a good first step toward managing wearables security in the workplace. A separate wear your own device (WYOD) policy will need to be created, though, to cover the differences in functionality and mode of operation. The acceptable usage policy needs to clearly define employees' responsibilities and what they can and can't do using various wearable devices. For example:

  • Define which types of employees will be allowed to use wearable technology.
  • State where they can and can't be used -- certain capabilities may need to be restricted in certain areas.
  • Only allow access to enterprise content via approved apps that include user authentication and a secure content container.
  • Ban contractors from using wearables to collect videos, still images, audio recordings or other types of information about the business, customers or employees.

Employees will also need to understand the business purpose for using wearables, the information the devices collect and the privacy protections that have been established for their use. Provide employee security and privacy training specifically for those using wearables, and ensure only the minimum amount of data necessary to support business tasks is collected. The policy will only be truly effective, though, if it's enforced -- so be sure to update network security controls to detect and control the movement of data to and from wearable devices. Features like an automatic wipe or biometric authentication will help reduce the attractiveness of stolen devices by ensuring a device is rendered useless if stolen.

Enterprises certainly need to prepare now for the impact of wearable security risks on IT infrastructures; wearables create another attack vector that needs defending. Although existing security policies and controls may cover many of the concerns applicable to wearable technology, they will need updating to cover the distinct functionality these devices deliver. Finally, having well-tested plans in place to detect, prevent and remediate a data breach quickly is increasingly important in the WYOD world.

This was last published in August 2015

2 comments

Does your enterprise have a WYOD policy yet? What security measures does it include?
My feeling is that your WYOD policy should go beyond your BYOD policy because of the privacy concerns present. Many WYOD devices are enabled to take photos, video and/or audio automatically. That's going to require a separate policy.