Security Market Segment LS
Wednesday, 13 April 2016 14:28

Wearables invade enterprise security

By

As wearables invade the workplace, new rules will be needed to ensure these highly invisible items don’t create security issues.

Centrify, a leader in securing enterprise identities against cyber threats, has released a survey warning that the presence of wearables in the enterprise should be a growing concern for IT security.

It polled more than 100 randomly-chosen attendees at last month’s RSA security conference in San Francisco. It found that:

  • 69% of wearable owners use no login protection – PINs, fingerprint, passwords, voice recognition – to access their devices.
  • Disturbingly 56% their devices to access business data via apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs, Microsoft Office or a combination of those.
  • 42% ranked identity theft as the top security concern
  • 34% said lack of IT management and device control by their employer was a concern
  • 22% felt that wearables could lead to a breach of sensitive work data

“As wearables become more common in the enterprise, IT departments must take serious steps to protect them as carefully as they do laptops and smartphones,” said David McNeely, VP of Product Strategy for Centrify, who is visiting Australia next week for the Connect Expo event in Melbourne.

“Wearables are deceptively private. Owners may feel that due to their ongoing proximity to the body, they’re less likely to fall into the wrong hands. However, hackers don’t need to take physical possession of a device to exploit a hole in security. The best news is that solutions already exist that can easily wrap wearables into the identity management picture.”

Centrify’s concerns are timely as it has been revealed hackers are already exploiting them. The popular term is ‘mobile devices at the edge’ and it’s a new opportunity for cybercriminals to exploit.

Let’s face it – wearables like the Apple Watch or Microsoft Band 2 are worn almost around the clock. Some are just a watch with smart benefits like notifications, and some are full blown fitness trackers with GPS and some smart benefits. Whatever information they gather is stored in the cloud - an enormous amount of personal, and often business information, that is a target for cyber criminals.

As wearable devices make their way into the workplace and by inference corporate networks, they bring a host of security and privacy challenges for IT departments and increase the amount of data that data brokers have to sell about an individual. Not the least is the potential to receive corporate emails on the device that also go to the cloud. In other words, all data on the wearable is at risk.

Gary Davis, chief consumer security evangelist at Intel Security, said, "The information that's contained on your wearable that's stored either on your smartphone or downstream on a cloud is worth ten times that of a credit card on a black market ... [manufacturers] are basically putting out these devices that are extremely vulnerable to attack.”

"The challenge for security people is it's hard enough to get consumers to update their apps on their smartphones or update their operating system and making sure they're applying the right security patches, which is pretty straightforward by updating in the app store. Doing it on a wearable device is significantly more complex. It will be harder once you get these devices out in mass to apply security patches. Users won't go to the time or effort to make these devices more secure," Davis said.

Enterprise needs to be aware that wearables offer access to the corporate network, initially via Bluetooth via a smartphone but increasingly via Wi-Fi sans smartphone. That data is frequently unencrypted. There is no security checking for wearables and the devices onboard memory can be used to take data out of the enterprise.

Third party apps can also hide spyware payloads Already custom malware has been found on a wearable that executed an internal DDoS network attack shutting down the company’s servers. In another case custom apps reported positive results when the results were otherwise.

Already app writers are looking at things like using your watch to gain access to a building – now a hacker could do that remotely. Another app can activate inbuilt cameras – fortunately, there are not many of those, but many have a microphone and could record conversations. And cyber criminals now have exploits on their agenda.

Cisco predicts there will be 600 million wearables in the enterprise space by 2020. At present no MDM (mobile device management) software system covers these. Because wearables work differently from smartphones, there are many unforeseen circumstances where they pose new security risks. Banning or restricting features is not a sound long-term strategy, so companies need to rethink policies, draft new plans and employ new services to deal with mobile device management.

At a minimum MDM needs to cover:

  • Custom security levels – from executives to staff
  • Remote find and erase of corporate data
  • Encryption
  • Keeping them off corporate Wi-Fi networks
  • Data leakage protection
  • Identity authentication

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments