Wearables, enterprise and security: The IT vendor’s perspective
Enterprise AppsTech speaks with Stephen Brown, director of product management at LANDesk, to discuss how the IT department will see wearable devices in a post-BYOD world, and whether enterprise or consumer provides the best use cases
In a BYOD-friendly office, the IT department has plenty on its plate with fragmentation, security policies and device management. With wearable devices threatening to push into the mainstream and enter the workplace, will it push the admin over the edge? Or will security not be as much of an issue?
Stephen Brown is director of product management at IT management provider LANDesk. He sees the easiest way of protecting wearable devices in the enterprise as segmenting the network. “Untrusted, or unmanaged devices, can go across the network in a way that’s separate from the core assets of the business,” he tells Enterprise AppsTech.
Yet he also mentions software updates as a possible issue. Anything that is built on software has possible exposure to a vulnerability exploit, but while most wearable devices connected via Wi-Fi will update by themselves should wearables be self-updating?
“I see a heavy prevalence of wearables being self-updating, and so it takes the end user out of the process, but again I think the segmentation of the network provides some of that protection, at least from a business perspective,” Brown says.
“From a consumer perspective the primary concern really ought to be privacy, and understanding what type of data is being gathered and communicated via those wearables.
“I’ve seen a lot of information around business wearables, they’re transmitting all sorts of personal data, and I think it’s really a matter of consumers understanding what the wearables are doing, what data’s being transmittd to where, and making sure they’re comfortable with the implications of those communications,” he adds.
A recent study from Symantec revealed how one in five apps on wearable technology spat out user credentials in clear text, so the security implications are certainly well-founded.
Brown, however, sees the average IT administrator in one of two camps – either ‘don’t care’ or very strict. There’s no middle ground.
“If you can control how you get on the network, and there’s many ways you can do that, whether through authentication, or access control, certificates – there’s many ways to control if end users can put the device on the network or not, so that’s one way of saying ‘we don’t accept wearables’,” Brown explains.
“I’ve seen this from a smartphone, tablet, BYOD perspective,” he adds. “One way to facilitate that is to say ‘sure we’ll get your devices on the network, but they’ll be on the network that’s not connected to the corporate assets and corporate resources’.”
Brown admits that photography through wearable devices – being able to take a picture on Google Glass just by blinking, for instance – is “a little bit more difficult to control.”
“You’ve seen policies around smartphone and dumb cameras for years,” he notes.
“It’s more of an employee education. In the case of the wearables where they’re automatically updating, pushing things to the cloud, you could intercept,” he says, pausing, before adding: “Although in the case of Google Glass, it appears to be dependent upon a smartphone for certain elements of its functionality, so you have to take two devices into consideration at that point.”
With all this security and education in mind, however, hacks will happen. Good Technology CTO Nicko van Someren, writing for CNBC, argued one of the more tempting aspects of hacking wearables was the information available – there won’t be much, but what there is would be juicy, sensitive data.
From a hacking standpoint however, Brown sees wearable devices as an entry point into other devices. “You get into one device and you branch off into another,” he notes.
Above all, though, education appears to be the key, for IT, the C-level and the end user.
“It’s like anything else. If somebody wants to compromise the business, especially an employee who has privileged access, whether it’s a wearable or someone taking a dumb, old school digital camera and snapping pictures, that’s really where you have to fall back and try vetting of employees, education, and that kind of stuff.
“I think the key area of wearables is understanding, getting control of the networks, and also what you’re doing on some of these mobile devices where the wearables are going to interface.”
- » Advice for the CIO: On making security an issue for everyone
- » Keeping tabs on the key pillars of enterprise mobility
- » Debunking the five most common myths associated with enterprise mobile apps
- » Appthority warns of ‘HospitalGown’ vulnerability for enterprise backends
- » Gartner’s 2017 EMM Magic Quadrant: And then there were four?