Wearable tech & the risk it poses to enterprise data
Davey Winder explains why IT directors need to wise-up about including wearables in their organisation's BYOD security policies
Bring Your Own Device (BYOD) security problems have been overblown during the last few years. Sure, the increased uptake of cloud services and the pressure put on both budgets and staff expectations has led to more off grid devices appearing in the workplace. However, the use of them doesn't have to be a security nightmare; it just means the enterprise has to adjust its security posture accordingly to accommodate the risk.
The same goes for the 'Shadow IT' threat. None of which stops security vendor after security vendor from lining up to tell us all these things are a clear and present danger to enterprise data.
The latest of these "threats" to enterprise data is Wear Your Own Device (WYOD). According to new research from Accellion, published today, enterprises are simply not ready to tackle the security risks that come with "the dawn of the age of WYOD".
Aimed squarely at the UK enterprise, the research questioned decision makers from 100 organisations with more than 1,000 employees, and Accellion discovered that 77 per cent of them didn't include wearable tech as part of their broader mobile security strategic planning. What's more, 53 per cent said they hadn't even considered the possible impact of it on their security posture, despite 81 per cent also accepting any increase in wearable tech could be a security risk.
My main concern here is the figures simply don't make sense and I suggest the 'decision makers' who responded are immediately relieved of having to make any further decisions about enterprise data security as they are clearly not up to the task. I mean, seriously, half of them say they haven't considered the wearable threat yet more than 80 per cent accept wearables could be a security risk.
Did they not understand the question? If that were not enough to reinforce my knee-jerk distrust of such surveys, after all the responses are only as valid as the questions being asked. Another statistic emerging from this research is that 41 per cent of UK enterprises "currently have a BYOD policy in place that can be extended to cover wearables", which suggests that 59 per cent do not.
What the actual flip? More than half the BYOD policies out there, in these enterprises at least, are not fit for purpose because they do not cover own devices being brought into the workplace if they are strapped to a body part, apparently. Sorry, run that past me again, old chap?
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Accellion says the figures "demonstrate that the wearable device poses a great threat to UK business, and if IT teams don't act quickly we could see many more cyber attacks as a consequence" which isn't the conclusion I am drawing from the headline figures. What I'm getting is they demonstrate a number of enterprises either have a really crap understanding of what a BYOD policy should look like or no idea what a wearable device actually is. Or both.
Don't get me wrong, I fully understand the threat that wearables introduce into the enterprise data landscape. What I don't understand is how that threat differs fundamentally from anything else that falls under the umbrella of BYOD. The clue is in the D bit, and a smartwatch or Google Glass, or USB storage underpants for that matter are all devices. End of. Next...
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.