The Business Times Singapore
September 30, 2013
Wearable tech such as Google Glass may be the playthings of the future, but they could bring much grief to companies.
Industry observers warn that the rise of consumer products that combine technology with wearable accessories may present new security risks to firms.
"As with any new form of technology, there is always an inherent risk. With wearable tech, the trade-off for mobility and convenience is security," said Arun Kundu, professional services director, Asia Pacific, at Verizon Enterprise Solutions.
"For example, a wearable tech product such as the Google Glass would require a greater degree of automation in the absence of a keypad. While automation increases, it also means anyone with the intent to compromise your data security can do so with something as simple as a malware embedded in a QR code," he added.
The concept of wearable tech is not an entirely new innovation, since such devices used to exist for fitness purposes. The Nike+ FuelBand, for example, can be worn around the wrist to track the distance someone has run. Now, more high-tech wearables are appearing on the market; Google Glass, Samsung's Galaxy Gear and Qualcom's Toq smartwatches are among the few that have got people talking.
A report from Juniper Research predicts that wearable tech shipments will grow 10-fold, reaching 150 million devices by 2018. With growing public interest in such devices, companies must stay ahead on the curve and prepare themselves for the challenges posed by wearable tech in the workplace.
According to the Symantec Internet Security Threat Report, volume 18, some 32% of all mobile threats attempt to steal information.
Eugene Teo, manager of security response, Asia Pacific and Japan at Symantec, said a potential threat comes from connecting to rogue WiFi access points which can be set up by cyber criminals to steal personal or financial information, such as access codes, personal identification numbers and passwords.
To Steve Lam, advisory partner at EY, a big concern in wearable tech centers around the issue of privacy.
"With such devices, we can imagine it is now possible and convenient to do an unobtrusive video or audio recording of computer screens and closed-door meetings," he said.
Several companies BT spoke to had mixed reactions to the impact of wearable tech on their workplaces.
Ifor Evans, chief technology officer of PropertyGuru Group, said his firm is not putting a lot of effort into coping with security challenges posed by wearable tech yet as these devices are "still so thin on the ground".
"We are currently working towards a policy on BYOD (Bring Your Own Device) but nothing is in place or set yet," he said, adding that cost was a consideration because a large number of devices may potentially have to be supported by an IT department.
Daniel Sim, associate manager, sustainability incubation hub, Fuji Xerox, reckons that the company's BYOD policy will have to change to cope with new challenges.
"Our application security team will regularly review and monitor the situation and work closely with HR and IT departments to establish a secure data environment and the right of use for the various BYOD platforms in place to mitigate the risks. New security applications will be added accordingly with the rise of wearable tech," he said.
While wearable tech is still in its infancy, analysts believe that companies should take a proactive approach in dealing with the phenomenon.
"There will be additional risks, particularly for organizations that do not already have a BYOD initiative and whose sole security strategy is reliant primarily on having a defensive perimeter around network assets," said EY's Lam.
As the trend of wearable devices catches on, it might soon be commonplace for employees to own them. The rise in numbers of smartwatches connecting at work may mean that firms will need to upgrade or overhaul their wireless infrastructure to avoid them becoming overloaded. The wearable devices will also be syncing and sharing data with laptops and tablets through WiFi, resulting in a possibility of viruses spreading across networks.
Said Teo of Symantec: "IT departments looking to protect their enterprise environment while supporting mobile initiatives will need to plan an enterprise mobility strategy that takes several factors into account, such as user and app access, app and data protection, device management, threat protection and secure file-sharing. They will also need to consider best-practice security guidelines for using short-range wireless technology in wearable devices."
Song Chuang, research director of Gartner, suggests that rather than interfering with personal devices, apps and services such as personal cloud, enterprises should focus on isolating their data and protecting enterprise apps and data on personal and enterprise-owned devices.
"The isolation means that employees are free to use personal cloud apps in the personal space of their device and the enterprise can reduce the risk that enterprise apps will leak data into the personal space of the mobile device," he said.
Jason Brvenik, vice president of security strategy at Sourcefir, feels that wearable devices are additions to today's extended networks that include endpoints, mobile devices, virtual desktops and data centers.
"To protect extended networks as they continue to evolve requires that we think like an attacker and adopt a security model that is threat-centric, to address the extended network and the full attack continuum—before, during and after an attack," he said.
Quality News Today is an ASQ member benefit offering quality related news
from around the world every business day.