Originally published on Channelnomics.com – http://www.channelnomics.com/channelnomics-us/analysis/2411585/wearables-in-the-enterprise-security-nightingale-or-nightmare | Written by: Howard Fast | 04 June 2015
Like it or not, wearables are coming to the enterprise, but what role will solution providers have in ensuring they don’t become a security nightmare?
When Apple and IBM decided a year ago to ceremoniously lay down their swords to collaborate on enterprise mobility, neither mentioned the inevitable flood of wearables certain to hit businesses in a fittingly disruptive way, perhaps one day in numbers equivalent to smartphones and tablets.
But maybe they should have piqued our curiosity, even a little, especially given the subsequent hubbub surrounding the Apple Watch.
By most measures, there’s no denying that wearable devices, gadgets and objects, already catching hold among consumers, are soon to enter the enterprise in numbers large enough to prompt stepped-up security processes and BYOD policy adjustments. Researcher ABI isn’t alone in forecasting hefty wearables growth, projecting manufacturers will ship some 485 million units by 2018 and produce $19 billion in sales by 2019 at a compound annual growth rate of 56.1 percent.
Rosy forecasts notwithstanding, the security questions wearables present to the enterprise may be equally as provocative as the solutions they promise to deliver. As more workers and executives begin toting smart glasses, cameras, smart watches, sports and activity trackers and the like in the workplace, will they bring along security nightmares? Or, will the enterprise’s BYOD experience with smartphones and tablets enable a seamless, trouble-free co-existence of wearables in business settings?
In other words, exactly how will internal security specialists and channel partners solve the security problems wearables pose? Even if wearables prove to boost employee efficiency and cost savings in sectors such as retail, manufacturing, real estate, construction, healthcare, logistics and law enforcement – as the segment’s most ardent supporters claim – will it be worth the associated security risks?
“If I were a bad guy, wearables would be the perfect opportunity,” says security and investigations specialist Brandon Gregg. “With wearables, you can have anyone under surveillance 24/7. Smartwatches are just another way [for cyber intruders] to get your information and examine your patterns.
“Anytime someone installs a new app or activates a new smartwatch, a million new doors and windows open up,” says Gregg. “In the enterprise, if you allow that kind of atmosphere, you’re just asking for it. Each company will have to assess their own risk with wearables and may have to compartmentalize – some departments get them but others don’t.”
Still, what if the increased productivity and efficiency lure of wearables entering the enterprise simply is too enticing for businesses to ignore? What can all manner of enterprises do to accommodate the flood of devices, yet avoid the potential security damage?
“We’re entering a wave of more personal devices for wearable computing where enterprises won’t be left with a choice but to embrace managing and securing them with policies,” says Eric Aarrestad, VP and general manager of Heat Software’s Unified Endpoint Management Business Unit.
“The sheer number of devices and variety of platforms is increasing exponentially, making it more challenging from an enterprise perspective to manage and secure them and to implement policies. Right now, enterprise adoption of wearables is limited, but it won’t be long until current enterprise apps on wearables changes that.
“Wearables will need to be managed as an extension of an enterprise’s current BYOD policies – the tools you adopt now, such as endpoint management, will allow you to do that.”
The task ahead, says Aarrestad, is to “fit wearables into a larger security policy. As we think about application control, device control, third-party discovery, everything that applies to mobile also applies to wearables”.
It’s here that channel partners such as Bayside Solutions, a Florida-based security solution provider, play a vital role in advising corporate customers, says CEO Dan Doyle.
“Wearables further complicate the issues of BYOD,” he says. “So many organizations permit BYOD across the enterprise, yet relatively few address the issue with policies or apply the necessary controls to mitigate the associated risk of allowing BYOD.
“We see new potential vectors such as Bluetooth Low Energy that could become an [opening] for malware introduction, data exfiltration and tracking to allow a perpetrator to better plan a malicious activity,” Doyle notes. “In some high-trust environments, such as government, wearables likely won’t be permitted.”
It’s possible wearables may be even more restricted than limiting deployment to certain environments or departments, according to Krish Kupathil, CEO, Mobiliya Technologies. In fact, Kupathil believes that businesses by necessity will exercise tight control over wearables distribution and use.
“In the years ahead, most wearable devices used in the enterprise will be corporately owned and will fulfill a special need,” he says. “This means ensuring security and device manageability are extended to wearable devices and creating applications that can make use of these devices for better [performance].”
Wearables-equipped enterprises will need to adopt a custom ROM system that can provide “features as a layer of security to encrypt, isolate and remotely manage enterprise data and [built-in] manageability with remote, central control of these devices”, advocates Kupathil.
Ultimately, an enterprise’s wearables security profile may come down to the use case itself, says Jim Haviland, CSO at MSP Vox Mobile.
“The big question with wearables for enterprises is how am I going to create a secure environment for this use case?” he says. “Everyone has to face that.”
Mobile devices and wearables challenge the traditional ways of security thinking when it comes to securing data and access to data, he says.
“With mobile devices, and wearables in particular, the most important part is managing identity and access. For wearables to be a positive component device, you must know if it’s on the correct wrist and being controlled by the correct person,” he points out.
Haviland adds that Vox undoubtedly will have clients that will say “no wearables allowed in the building”. But instead they should be asking about the best way to use wearables to better get their work done, he says.
As such, the opportunity for channel partners is to provide solutions that help enterprises to get a handle on the proliferation of wearable devices headed their way and how best to use them. Without doubt, businesses will look to partners to help them get there, hopefully before the flood hits.