| |||||||||
| |||||||||
Current Filter: Security>>>>>Feature> Be wary of wearables Editorial Type: Industry Focus Date: 01-2016 Views: 2459 Key Topics: Security Mobile Devices Wearable Devices Wearable technologies Key Companies: CoSoSys Cigital NetMotion Wireless ForgeRock Key Products: Key Industries: Health | |||
| Wearables are the latest big innovation for the mobile devices market. But they bring substantial security threats with them The competition to build the greatest SmartWatch, the best SmartBand, SmartGlasses etc. puts a lot of pressure on vendors to innovate and bring unique features, treating security with low priority, warns Roman Foeckl, founder and CEO at CoSoSys and co-founder at Onyx Beacon. "Businesses that allow their employees to bring their wearables to the workplace, or offer them to increase productivity in some cases (such as Tesco using such devices for inventory in the warehouses), are advised to treat them as any other device connected to the company network. Forecasts predict that 148 million units will be sold in 2019. They are becoming a 'must have' device for many people, as they try to motivate themselves to get more exercise done, find out more about their health etc." IT departments are responsible for detecting connectivity between devices, to search solutions in order to secure communications and prevent attacks or other security incidents. "They should make sure that devices offered to users have remote-wipe and authentication capabilities, and that they inform users on the potential danger of their personal data being collected. Wearables could represent a perfect access point for external attackers, who can penetrate the network, exploiting the vulnerabilities of these devices." To avoid that happening, IT departments and CSOs must take into consideration Enterprise Mobility Management (EMM) with Mobile Device Management and Mobile Application Management solutions that can control the notifications that are being sent from mobile devices to SmartWatches, for example, Foeckl advises. "In theory, monitoring and controlling wearable tech in organisation's networks is doable and there are options on the market to secure them; besides, the experience with BYOD should be helpful, considering that WYOD is pretty similar. Once again, CSOs must be realistic and expect scepticism and even denial from employees when it comes to allow control over their personal devices."
THREAT MODELLING But how can organisations keep their data safe in this environment? "The first step is to perform threat modelling and architectural risk analysis on new applications, especially applications that will run on wearables that lack many of the protections and controls that we have grown accustomed to on modern platforms," says Sethi. "Of course, every wearable device is different and there is no single threat model that accurately represents a typical application running on a generic wearable device. "Also, organisations need to focus on placing controls around sensitive data and not just around their networks… and to implement controls, such as audit trails that store details of when sensitive data is accessed, monitoring to detect anomalous behaviour and alerting to notify operators whenever suspicious data access occurs. These ideas are not new. However, organisations need to ensure that they understand the new technologies and threat landscapes in order to properly evaluate application architectures and implement the appropriate controls."
GLOBAL SUCCESS "Wearable technology should be seen as a great opportunity," argues Ellis. "There are potentially negative impacts of wearable technology, such as security risks and network overload, but overall it is a great prospect. Connected device offerings will continue to grow and, with this, so will the list of commercial opportunities for UK businesses keen to invest in consumer-facing identity software."
Page 1 2 | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |