Chema Alonso, CEO of Telefonica subsidiary Eleven Paths, discusses the security implications of introducing a wear your own device (WYOD) policy
Many businesses have now successfully implemented and seen tangible benefits from Bring Your Own Device (BYOD) polices, from improved efficiency to increased collaboration.
However, there’s always a new IT trend around the corner and many companies are now focussed on how to capitalise on the burgeoning Wear Your Own Device (WYOD) trend.
As with all new trends businesses need to ensure they’re covering off a mental security check list to make sure that they’re suitably prepared for deployment and that they’re ready to hit the ground running to fully capitalise on the benefits.
Early adopters laying the framework
Big data is at the heart of WYOD, and unless properly managed WYOD has the potential to expose data to third-party companies; allowing them to get insight on people’s activities and events over time. In principle there could be significant security and privacy issues since key executives’ wearable devices could in theory be monitored by those plotting a cyber-attack in order to plan the most opportune moment to breach.
Many wearable devices are connected via apps with smartphones. As a result a bug in the device could help an attacker extract data from a smartphone, such as company emails, by using the wearable as an access point. It’s therefore imperative that before being used a smartwatch, or any other wearable device, passes a strict security audit. This will reduce exposure to potential vulnerabilities.
When Google Glass first launched we saw policies emerge to handle the obvious security and privacy risks involved in having staff members walking around the office with a camera connected to the Internet; but this was limited to those few organisations who adopted Google Glass. However, as yet few companies have had to face the challenge when it comes to smartwatches or bands, but this will undoubtedly change in the near future as the rate of adoption increases.
It’s important that businesses start laying the security frameworks now; establishing processes and policies that reflect the fact new devices can bring many opportunities to a business, but carefully balance this so that security vulnerabilities are minimised. This way they can ensure they have a robust and secure policy in place for when wearables become common in the workplace.
Back to the drawing board?
Adopting WYOD will involve a degree of redrawing company security polices – after all, it stands to reason that any device that sends data about an employee to a third-party server will have an impact on internal privacy policies. Wearables consist of many sensors, microphones and often small cameras, and therefore need to be handled just like any other computer, smartphone or tablet.
Wearables have the potential to become a significant risk for a company that doesn’t have the proper processes and information in place to manage and mitigate against security and privacy issues. The IT department needs to ensure that its policy is equally secure across its entire IT estate, and that wearables are given the same attention as office based servers and computers.
Privacy is the primary issue when businesses implement WYOD – a company must fundamentally understand what data can be accessed by any device, where it goes and how it’s used. As a second phase, organisations need to be confident that no hacker will be able to find a bug in the wearable and jump from the device to the network. We’ve seen this too many times in the recent past where hackers have been able to jump from thunderbolt devices to computers, from USBs to laptops or from the firmware of any embedded system to the network.
True value from data
Wearables will help businesses to become smarter in terms of agility, helping them to better manage their resources meaning they can be quicker in allocating and completing tasks. Those early Google Glass adopters saw them as a highly efficient way to carry out tasks with remote assistance, or to give remote advice to their personnel.
Wearables can also provide businesses much richer data in order to make better, more informed decisions, helping them paint a detailed picture of their organisation at any point in time and get true value from the data. But as already mentioned it is crucial companies have a clear understanding of who is receiving the device data and what they are doing with it.
Ultimately, businesses need to better understand the opportunities and risks related to wearables and also look to future-proof their policies. Failures early on could impact not just the security of a company but also have long-term consequences for the business as a whole. It´s very important for businesses to understand what wearables mean in their environment and plan ahead for how they will be used to benefit the whole organisation.
Chema Alonso is the CEO of Telefonica’s digital security company Eleven Paths
What do you know about the iPhone 6, iPhone 6 Plus and Apple Watch? Try our quiz!