freshidea - Fotolia
Google Glass hasn't popped up yet in our organization, but I feel like it's only a matter of time. Should I have a Google Glass security policy ready? What are the risks the gadget most likely poses?
No one had ever considered the security implications of BYOD when the iPhone was introduced in 2007. IT departments everywhere started to get demands from employees to get these new devices on the company network. The iPhone was expensive, so the early adopters tended to be managers and executives who could bypass company security policies. Information security professionals were left in a mad scramble to find ways to protect company data on these new devices. Google Glass could have the same type of impact, but this time, information security departments should be prepared with policies in advance.
Google Glass may not be as popular the original iPhone, but it represents a new form factor for technology in that it is worn by the user. The policies that need to be developed should address this broader category of wearable technology security and not just focus on Google Glass. Many of the existing policies in place to cover mobile devices can be modified to include wearable devices. These policies would include restrictions on employees taking pictures or video of company property and using the devices on company time. Currently, the only way to prevent personal usage of Google Glass would be to require the employee to remove the device while on duty. This works until Google integrates Glass with prescription lenses and thus adds further complications.
The rate of smartphone adoption after the initial iPhone surprised everyone. These devices introduced many new types of threats to companies, yet their adoption was so rapid that the demand overwhelmed information security departments. Google Glass takes the smartphone risks to a new level. The camera is still there, but it is more discreet than a smartphone. Google Glass contains the same types of sensors as a smartphone, but now includes eye tracking, so the camera not only sees what users are viewing but knows where they are focusing their attention. This feature dramatically increases the potential for industrial espionage.
One of the biggest concerns for Google Glass is the potential for a compromise by malware. The underlying operating system for Google Glass is based on Android, which will help both legitimate and malicious developers port their applications to this new platform. Android does not have a stellar reputation for security, but Google has continually improved the platform since its introduction. The situation will worsen when the inevitable imitator products are introduced without Google's focus on improving security. Would anyone really want the Google Glass equivalent to the generic $60 Android tablet in their corporate environment?
Information security departments should prepare for Google Glass by developing strategies and policies now. These policies should not focus just on the Google device but should include all wearable technology. These products take mobile device risk to a higher level with new types of sensors and the same types of vulnerabilities. The imitator products will not be far behind, so it is important to act quickly to avoid being overwhelmed as we were in 2007 by the iPhone introduction.
Ask the Expert!
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
Get to know wearable technologies like Google Glass.
Dig Deeper on Information security policies, procedures and guidelines
Related Q&A from Joseph Granneman
The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph... Continue Reading
CERT's ITPM certification is designed to help enterprises with their insider threat programs. Expert Joseph Granneman discusses the certification and... Continue Reading
Privileged users pose a growing threat to organizations. Expert Joseph Granneman looks at this insider threat and shares ways to mitigate it. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.