Avoid the Headache: IT Security in the Age of Wearables and AR/VR

Written BY

Max Kardon

April 14, 2019

As the modern industrial workplace becomes increasingly connected by IoT-enabled devices, including AR/VR glasses and headsets, wearables, robotics and smart machinery, the enterprise grows more vulnerable to potentially devastating cyberattacks, privacy intrusions and IP theft. Enterprise wearables promise to advance workplace safety, efficiency and profitability, but they also present novel dangers that can have disturbing consequences. A network breach can have devastating financial, legal and reputational consequences for not just the enterprise and its clients but also the general public in sectors like power generation and oil and gas. A changing threat landscape makes it difficult to evaluate risk, nonetheless the decision facing enterprise leaders is when, not if, they should adopt IoT technologies into their operations. Enterprises that are too cautious and hesitant in pursuing digital transformation will fall behind their competitors. Now and in the future, the success of integration and responsible management of connected technologies will depend on enterprise IT leadership to implement and govern appropriate security measures.

At EWTS 2018 this past October in Austin, a common thread among the speakers was the importance of involving internal enterprise stakeholders responsible for safety and security as early in the pilot process as possible. It’s challenging enough for innovation teams to communicate the value of investing in AR, VR and wearables to corporate leadership; it’s next to impossible if the proof of concept exposes the company to unnecessary and unmitigated risks.

The strategy recommended by current end users is to have agility and imagination when developing a PoC or pilot project while taking a more conservative and measured approach to mitigating security and safety risks. Safety, security and device management experts are needed to judge the viability of any wearable solution under consideration. In general, established corporate cultures are not very receptive to new, relatively untested technology and expanded cybersecurity risks. Corporate financial leadership may see the deployment of wearables as a drain on company resources, while the IT team regards it as a threat to network security and workers see it as a threat to their own privacy and job security. In order to successfully deploy a wearable solution all parties must be convinced that the benefits outweigh their concerns.

On the EWTS 2018 stage, Steve Labudzinski, an R&D specialist from Con Edison, described the difficulty of equipping his field workers with the proper tools while also satisfying security measures, lamenting that it is not practical for workers to carry four different mission-critical wearable devices and also have to carry four corresponding mobile phones. He appealed to the audience for advice on getting all devices to communicate securely on one common platform, a software solution to solve a hardware problem. If the value of an application is to give instant feedback and present relevant, real-time information to workers, an integrated platform for all network devices greatly transforms the utility and potency of the wearable technology.

Introducing wearables into the workplace and achieving interoperability across platforms is like a double-edged sword. Companies that would generate value from the visualization of data and models have to bridge formerly separate silos of information, integrating wearable-incompatible formats like PDFs and paper into a digitally-integrated platform. The unification of previously disconnected and inaccessible information sources for use across the enterprise can create a wealth of value for collaborative and analytical purposes; however, enterprise-wide integration of digital resources also represents a larger target for cyber-attackers. The proliferation of IoT devices like wearable technologies multiplies the nodes of entry that bad actors might attempt to exploit. End users, corporate leadership, and partners must be accountable for upholding security standards.

From the EWTS 2018 stage, Jeff Lind of Caterpillar talked about the importance of evaluating potential partners and the development and management of long-term relations with them, noting “all partners must be trusted to protect client data. Trust, but verify.” Diligence in mitigating security risks and guarding against potential breaches includes auditing the practices of partners and vendors. A wearable deployment is only as secure as the integrity of the chain of custody. Absent government regulation and cybersecurity standardization (steps have been taken in Europe with GDPR), it is the enterprise and solution providers that need to work out standards for implementing security and privacy safeguards.

In some cases, security policy is governed by industry regulations that require strict compliance. At EWTS 2018, Chris Comfort, the Innovation Technology Manager of the Nuclear Division of Southern Corporation, shared his eight-month-long journey to get the greenlight for company-wide deployment of AR wearables. The restrictions were particularly inflexible because the devices would be deployed near the company’s nuclear power assets. Image- and data-collecting AR smart glasses attracted extraordinary scrutiny and the pilot had to be conducted offline and offsite. Comfort had to solidify support for “two-way video communication on a business network with confidential information within a highly regulated industry,” seeking access to a highly privileged network.

A pattern of stakeholder engagement and solution iteration was key to Comfort’s success. The constraints of elevated security concerns in a highly competitive corporate environment are not easily overcome. To get approval to introduce the RealWear HMT-1 smart glasses, Comfort had to convince influential members of the organization of the devices’ value and utility so they could in turn communicate the value to others and advocate on behalf of his project.

Comfort observed that the eight months he spent seeking approval can be considered a fast track, with much of that time spent working with vendors to align software designs and IT with Southern’s security protocols. This would not have been possible without ongoing consultation with internal allies, engagement with internal critics, and support from software vendors. Collaboration with the company’s IT department converted some IT leaders into enthusiastic advocates who helped shape adequate security protocols and the software features that Comfort would implement in collaboration with his vendors.

Innovation leaders should seek feedback from all interested parties and their varying expertise and concerns in order to better collaborate on producing a viable and effective solution. The push and pull to satisfy enterprise security standards can frustrate the advancement of even the most promising projects. “If you want to talk barriers, you can just talk about security all day. It’s a thing of nightmares,” remarked Walmart’s Steven Lewis in October. Steven was describing the difficulty of advancing an efficient technology solution not functionally hamstrung by the protocols of internal security groups. In anticipation of this hand-wringing, security considerations should be intrinsic to the design of a solution from the earliest stages of a project because a wearable pilot will not go forward without buy-in from internal security groups.  

IT’s traditional role in maintaining the digital infrastructure of a business has changed as IT has become a key profit driver and the operational backbone of many companies. The long-term success of businesses today hinges on a proactive approach to security with the adoption of any new technology. Cyber criminals will meet innovation with innovation as IT infrastructures grow more robust. To protect truly connected workplaces, IT priorities must receive the same timely attention and budget flexibility as the most critical business decision. The ongoing advancement of Industry 4.0 technologies and the rollout of 5G present immediate opportunities that any organization must be ready to approach with enthusiasm and caution.

The Enterprise Wearable Technology Summit (EWTS) is an annual conference dedicated to the use of wearable technology for business and industrial applications. As the leading event for enterprise wearables, EWTS is where enterprises go to innovate with the latest in wearable tech, including heads-up displays, AR/VR/MR, body- and wrist-worn devices, and even exoskeletons. The 6th annual EWTS will be held September 17-19, 2019 in Dallas, TX. More details, including agenda and early confirmed speakers, to come on the conference website.

Further Reading