Security and privacy of wearable technology

Wearables will infiltrate the enterprise whether an organisation is in favour of the trend or against it.

The current wave of enterprise mobility was defined by bring your own device (BYOD). But now it is wearables - rather than phones and tablets - that are making their way into the enterprise. Whether it is fitness bands, smart watches or Google Glass, so-called ‘wearable technology’ is making headlines. In fact, according to Deloitte Australia’s recent Tech Trends 2014 report, smart glasses, fitness bands and watches are likely to sell about 10 million units in 2014, generating $3 billion.

Unfortunately, with every wave of new technology we see new security threats, and wearables are no different. We are already seeing how the explosion of connected devices - under the banner of the Internet of Things - has opened up security vulnerabilities.

The deeply personal nature of wearables may well make them a very attractive proposition to cybercriminals. Beyond the data that is already on your phone or tablet, wearable devices are collecting a host of extra information. Detailed GPS logs don’t just reveal where you go and how fast you jog, they reveal which ATMs you stop at and which medical clinics you have visited. Access to your wearable devices will be valuable commodity for identity thieves and maybe even blackmailers.

When it comes to security, wearable technology is not all bad news. As well as risks, they present a number of new opportunities too. If an organisation can count on users having small, smart, personal devices with them at all times then it can use that as part of the way that it can identify the user. Demonstrations have been built using FitBit wristbands and Pebble watches as authentication tokens that allow for easier log-in to protected data on phones or tablets - and they can automatically lock the data again if you walk away from your device.

So what about the enterprise data? If an organisation keeps enterprise data in separate, encrypted containers on individuals’ phones or tablets, then it is possible to control where it goes next. That can mean controlling the flow of alerts to smart devices as well as controlling the flow of data between apps. Fine-grain policy controls will let companies trade off the risks and rewards of using these new devices.

As with the first wave of BYOD, wearables will infiltrate the enterprise whether an organisation is in favour of the trend or against it. It is approaching sooner than most companies realise, hence they need to start embracing the right tools to enable the next phase in enterprise mobility.

*Nicko van Someren is the CTO of Good Technology where he is in charge of technology strategy and research. Previously he served as chief security architect at Juniper Networks, responsible for leading the technology and design direction for network security products. Before that, he was founder and CTO of security technology company nCipher Plc. He is a fellow of the Royal Academy of Engineering and the British Computer Society.