Current Filter: Security>>>>>Feature>

   

"Businesses that allow their employees to bring their wearables to the workplace, or offer them to increase productivity in some cases (such as Tesco using such devices for inventory in the warehouses), are advised to treat them as any other device connected to the company network. Forecasts predict that 148 million units will be sold in 2019. They are becoming a 'must have' device for many people, as they try to motivate themselves to get more exercise done, find out more about their health etc."

IT departments are responsible for detecting connectivity between devices, to search solutions in order to secure communications and prevent attacks or other security incidents. "They should make sure that devices offered to users have remote-wipe and authentication capabilities, and that they inform users on the potential danger of their personal data being collected. Wearables could represent a perfect access point for external attackers, who can penetrate the network, exploiting the vulnerabilities of these devices."

To avoid that happening, IT departments and CSOs must take into consideration Enterprise Mobility Management (EMM) with Mobile Device Management and Mobile Application Management solutions that can control the notifications that are being sent from mobile devices to SmartWatches, for example, Foeckl advises.

"In theory, monitoring and controlling wearable tech in organisation's networks is doable and there are options on the market to secure them; besides, the experience with BYOD should be helpful, considering that WYOD is pretty similar. Once again, CSOs must be realistic and expect scepticism and even denial from employees when it comes to allow control over their personal devices."

THREAT MODELLING
While relying on firewalls alone to protect sensitive data has never worked, network controls have still been useful parts of organisations' security strategies for years, points out Amit Sethi, senior principal consultant at Cigital. "However, mobile devices and wearable devices do not exist behind corporate firewalls - at least not all the time. Employees can often be more productive, if they can access corporate data from these devices, which drives many organisations to accept or even encourage their use."

But how can organisations keep their data safe in this environment? "The first step is to perform threat modelling and architectural risk analysis on new applications, especially applications that will run on wearables that lack many of the protections and controls that we have grown accustomed to on modern platforms," says Sethi. "Of course, every wearable device is different and there is no single threat model that accurately represents a typical application running on a generic wearable device.

"Also, organisations need to focus on placing controls around sensitive data and not just around their networks… and to implement controls, such as audit trails that store details of when sensitive data is accessed, monitoring to detect anomalous behaviour and alerting to notify operators whenever suspicious data access occurs. These ideas are not new. However, organisations need to ensure that they understand the new technologies and threat landscapes in order to properly evaluate application architectures and implement the appropriate controls."

GLOBAL SUCCESS
Products such as the Apple Watch and the Fitbit have been such a global success that sales of wearable technology are expected to continue to climb throughout 2016 and beyond. A quick look at the statistics supports this, points out Mike Ellis, CEO, ForgeRock. "An NPD report found that 52% of people asked are familiar with wearable technology and, among those, a third said they would think about buying one.

"Wearable technology should be seen as a great opportunity," argues Ellis. "There are potentially negative impacts of wearable technology, such as security risks and network overload, but overall it is a great prospect. Connected device offerings will continue to grow and, with this, so will the list of commercial opportunities for UK businesses keen to invest in consumer-facing identity software."

Page   1  2