The Security of Enterprise AR/VR and Wearables

Written BY

Emily Friedman

June 17, 2015

Today, we will delve into perhaps the most daunting of issues facing enterprise use of wearables: data security.

Data Security

And so finally we come to the mother of all challenges. A number of recent headlines have attributed serious apprehension, and even fear, to the adoption of wearable technology precisely because of the security challenge. Whatever the misgivings out there, wearables are inevitably going to come into many companies in one way or another, whether distributed by management or worn as personal devices by employees in the office. These businesses will have to expand their corporate security measures, including BYOD policies, to cover wearable devices.

It is essential to ensure the privacy of both enterprise and personal data. Enterprise use of wearables will involve the transfer of critical corporate information among various devices and systems, as well as the collection of employees’ personal information. Whenever a device – wearable or not – is connected to a corporate network, there is ample opportunity for data leaks. A robust security mechanism is required to protect businesses’ data. Preferably, this mechanism would empower a company to wipe-off data – all the data or just specified quantities – in cases of unauthorized access or even a lost or stolen device.

Currently, most organizations’ BYOD strategies revolve solely around smartphones and tablets; but wearable technology may pose additional security risks not encountered with traditional mobile devices. And as wearables become more and more mainstream in business, the number of endpoints by which hackers could potentially intercept corporate data will increase. Each wearable device represents a potential node (of vulnerability) in an enterprise’s network that requires management and monitoring. It will be up to IT departments to track when and where wearables are entering the enterprise; and to come up with both solid strategies and strong policies for securing these devices and ensuring that unauthorized persons do not gain access to or have the opportunity to intercept sensitive data.

Device tracking among employees is necessary in this new era of mobile technology, again not just for purposes of protecting corporate data but also for protecting the privacy of those supplying the data—the users (or wearers). Companies will have to track all assigned wearable assets: If an employee were to resign or lose his assigned wearable device, the IT team would have to react appropriately, perhaps by administering a full device wipe or even a corporate-wide wipe of all pertinent data. Tracking the devices also includes managing data access. For instance, IT teams will need to be wary of employees using unauthorized wearable devices or apps on authorized devices for unofficial purposes, both of which pose security risks. Authorizing specific assets (whether individuals or departments) with access to limited applications and/or groups of data would be a good measure on this front, as well.

Of course, it’s not only employees who might misuse data. The problem of security goes beyond corporate information to extend to personal information, as well, since wearables collect vast amounts of data about their users’ habits and daily activities. How companies use this data and its security is a large part of the challenge (and hesitation) to enterprise adoption of wearable tech.

Further Reading