freshidea - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Should a Google Glass security policy be at the ready?

Though perhaps a ways off, it may be worthwhile to prepare a Google Glass security policy now, before it's a problem. Expert Joseph Granneman explains what to expect.

Google Glass hasn't popped up yet in our organization, but I feel like it's only a matter of time. Should I have a Google Glass security policy ready? What are the risks the gadget most likely poses?

No one had ever considered the security implications of BYOD when the iPhone was introduced in 2007. IT departments everywhere started to get demands from employees to get these new devices on the company network. The iPhone was expensive, so the early adopters tended to be managers and executives who could bypass company security policies. Information security professionals were left in a mad scramble to find ways to protect company data on these new devices. Google Glass could have the same type of impact, but this time, information security departments should be prepared with policies in advance.

Google Glass may not be as popular the original iPhone, but it represents a new form factor for technology in that it is worn by the user. The policies that need to be developed should address this broader category of wearable technology security and not just focus on Google Glass. Many of the existing policies in place to cover mobile devices can be modified to include wearable devices. These policies would include restrictions on employees taking pictures or video of company property and using the devices on company time. Currently, the only way to prevent personal usage of Google Glass would be to require the employee to remove the device while on duty. This works until Google integrates Glass with prescription lenses and thus adds further complications.

The rate of smartphone adoption after the initial iPhone surprised everyone. These devices introduced many new types of threats to companies, yet their adoption was so rapid that the demand overwhelmed information security departments. Google Glass takes the smartphone risks to a new level. The camera is still there, but it is more discreet than a smartphone. Google Glass contains the same types of sensors as a smartphone, but now includes eye tracking, so the camera not only sees what users are viewing but knows where they are focusing their attention. This feature dramatically increases the potential for industrial espionage.

One of the biggest concerns for Google Glass is the potential for a compromise by malware. The underlying operating system for Google Glass is based on Android, which will help both legitimate and malicious developers port their applications to this new platform. Android does not have a stellar reputation for security, but Google has continually improved the platform since its introduction. The situation will worsen when the inevitable imitator products are introduced without Google's focus on improving security. Would anyone really want the Google Glass equivalent to the generic $60 Android tablet in their corporate environment?

Information security departments should prepare for Google Glass by developing strategies and policies now. These policies should not focus just on the Google device but should include all wearable technology. These products take mobile device risk to a higher level with new types of sensors and the same types of vulnerabilities. The imitator products will not be far behind, so it is important to act quickly to avoid being overwhelmed as we were in 2007 by the iPhone introduction.

Ask the Expert!
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)

Next Steps

Get to know wearable technologies like Google Glass.

This was last published in October 2014

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I think the right question is whether a security policy for all new technology should be at the ready - limiting to just Google Glass (or any other product) is not going to be as effective. It'll also be too easy to put off, because you can say 'oh, we're not going to use Google Glass', when really you should be thinking about all potential similar tech coming around the bend.
Creating new policies for specific technologies - be it Google Glass, IoT, "cybersecurity", etc. is an exercise in keeping busy and not much else...Instead, create policies at a higher-level than can address ALL new technologies, not just the latest cutesy names vendors come up with for the same old computing devices. More resources on security policy creation and management here.