Top 10 Wearable Issues CIO needs to address- One-third of the organizations surveyed have revealed they have more than 5,000 connected devices. Cisco predicts there will be more than 600 million wearable devices in use by 2020. These facts present a set of challenges for CIOs and IT enterprises of all sizes.
Janco has found that fewer than 1/3 of all organizations have policies in place for use of wearable devices on and off premises. What good is having a security guard check a briefcase at the door when the individual can be wearing or carrying a device that can caputre data, video, photos, and audio?
Top 10 issues
- Easy physical access to data - Once data is on the device (often without encryption) it can easily be accessed by anyone who can connect to the device.
- Records management, retention, and destruction - policy is compromised by a lack of controls on security management of critical data.
- Business continuity is significantly more complex - in an environment where wearable devices has access and depend on connectivity to the "corporate" data bases and cloud interfaces
- Photos, videos and audio can be captured without anyone knowing it - With the discreet abilities that many modern wearable devices have in terms of video and audio surveillance surpass high-end equipment from just a few years ago. It's easy for someone to surreptitiously take photographs or record video or audio files using something like a smartwatch or smart glasses. Covert capture of confidential information, and videos and images of sensitive areas, is a very real possibility.
- Instant access to outside WiFi and cellular systems facilitates rapid dissemination - With SD cards like Eye-Fi data, audio, and video can be downloaded immediately to the internet.
- Insecure wireless connectivity - Most wearable devices connect to smartphones or tablets wirelessly using protocols such as Bluetooth, NFC and WiFi creates another potential point of entry. Bluetooth on many smartphones is turned on all the time now so they can sync with the wearable, but what else could be connecting?
- Lack of encryption - There is a lack of encryption on most wearable devices, in addition data in transit when it's being synced and with data being stored on manufacturer's or service provider's cloud servers.
- Lack of formal policies with limited regulation or compliance - Security issues associated with wearables, for the most part, yet have to be addressed by the most manufacturers. Companies suffering a data breach that breaks compliance or regulatory requirements for their specific industry currently can shift the blame onto wearables. Ignorance of wearable device security and manufacturer or third-party app policy is no defense.
- Software and Firmware version control - Many wearables run their own operating system and applications. As wearable devices become more common, they'll also become bigger targets for hackers. The same principles that apply to keeping the software on your desktops, laptops, smartphones and tablets fully patched and up to date to avoid the latest vulnerabilities also apply to wearables. But there's a lack of insight and policy to cater for this issue right now.
- Current MDM Policies Don't Cover Wearables - CIOs and CSO can assume that MDM (mobile device management) systems developed to deal with the BYOD trend can also cater to this influx of wearables. Banning or restricting features is not a sound long-term strategy, so companies need to rethink policies, draft new plans and employ new services to deal with mobile device management.