This article was originally published on CFO.com.
Another challenge for the IT department: wearable technologies and the security issues they trigger.
There was a lot of attention on various kinds of wearable technology at this year’s Consumer Electronics Show (CES) in Las Vegas.
Smart watches, fitness and exercise monitors, phone apps, cameras and head-mounted information displays were all being touted as an adjunct to the “connected human.” Tied together in a wireless “personal area network” and linked to the Internet via cellular or Wi-Fi connections (and generally smart enough to know which to use when there’s a choice), these devices don’t yet talk to each other seamlessly, but they’re starting to do so, at least if they’re all from the same vendor.
While there are a lot of potential convenience and productivity benefits here, I’m concerned that there’s also a worrying downside to wearables, especially for enterprises.
First, there’s the distraction factor. One of the major contributors to the crush at CES was attendees using their phone as a navigation aid. You see this all the time, everywhere these days. Humans don’t multitask well, and while you’re looking at your phone to see where to go next, you’re not looking at your surroundings and where you’re actually going.
I saw this called “iPolar” disease last year, and it’s a self-induced form of accidents waiting to happen. The more wearable devices that vie for a person’s attention, the worse this is likely to get. And I don’t think that the highly touted Google Glass approach, bringing the information to eye level, is going to help much: getting augmented reality right will take years of experimentation, some acquired new cognitive skills, and a lot of bruises.
Perhaps more important is the security challenge of wearables. Not only do we need to decide if it’s OK to have people walking around the world continuously recording what they see and hear, we also need to ensure that their wearables only connect to the things they are allowed to (if they’re allowed to connect at all).
We have already seen software that can work out a password by watching a video of the user typing it on a keyboard. So single-factor and probably dual-factor authentication (the spying software also reads the user ID from keystrokes or directly from the screen) won’t be enough. We will have to start using encrypted one-time tokens or smart cards and biometrics.
And as if portable, high-capacity USB drives aren’t enough of a problem, miniature cameras with lots of onboard flash storage and high-speed Wi-Fi inevitably multiply the number and type of security holes chief information officers have to deal with.
For example, it’s not clear to me whether the information accumulated by an employee’s wearable device belongs to the employee or their employer. I would bet that it’s going to be subject to discovery in litigation. And think about all the incidental evidence related to workplace behavior (good, bad and indifferent) that could be created. Better get human resources thinking about this one.
Here comes the next generation of BYOD technology, arriving before we have really come to grips with the complexities associated with employee-owned phones and laptops.
So…does your company have a policy for the permissible use of wearable technology? How does it plan to enforce whatever policy and processes management devises? Will the company need different rules for staff and guests? Has the company thought about what could be deduced from an analysis of the activities (time spent moving vs. time spent sitting still during the workday) of key managers and employees? Wearables will inevitably be hackable, so data will leak. How will IT know when that happens? How will it respond?
Wearable tech is coming, so now’s the time to start thinking about how to deal with it. Policy, process, practices. Education. Defenses. Better get started.