Wearable tech & the risk it poses to enterprise data
Davey Winder explains why IT directors need to wise-up about including wearables in their organisation's BYOD security policies
Bring Your Own Device (BYOD) security problems have been overblown during the last few years. Sure, the increased uptake of cloud services and the pressure put on both budgets and staff expectations has led to more off grid devices appearing in the workplace. However, the use of them doesn't have to be a security nightmare; it just means the enterprise has to adjust its security posture accordingly to accommodate the risk.
The same goes for the 'Shadow IT' threat. None of which stops security vendor after security vendor from lining up to tell us all these things are a clear and present danger to enterprise data.
The latest of these "threats" to enterprise data is Wear Your Own Device (WYOD). According to new research from Accellion, published today, enterprises are simply not ready to tackle the security risks that come with "the dawn of the age of WYOD".
Aimed squarely at the UK enterprise, the research questioned decision makers from 100 organisations with more than 1,000 employees, and Accellion discovered that 77 per cent of them didn't include wearable tech as part of their broader mobile security strategic planning. What's more, 53 per cent said they hadn't even considered the possible impact of it on their security posture, despite 81 per cent also accepting any increase in wearable tech could be a security risk.
My main concern here is the figures simply don't make sense and I suggest the 'decision makers' who responded are immediately relieved of having to make any further decisions about enterprise data security as they are clearly not up to the task. I mean, seriously, half of them say they haven't considered the wearable threat yet more than 80 per cent accept wearables could be a security risk.
Did they not understand the question? If that were not enough to reinforce my knee-jerk distrust of such surveys, after all the responses are only as valid as the questions being asked. Another statistic emerging from this research is that 41 per cent of UK enterprises "currently have a BYOD policy in place that can be extended to cover wearables", which suggests that 59 per cent do not.
What the actual flip? More than half the BYOD policies out there, in these enterprises at least, are not fit for purpose because they do not cover own devices being brought into the workplace if they are strapped to a body part, apparently. Sorry, run that past me again, old chap?
Accellion says the figures "demonstrate that the wearable device poses a great threat to UK business, and if IT teams don't act quickly we could see many more cyber attacks as a consequence" which isn't the conclusion I am drawing from the headline figures. What I'm getting is they demonstrate a number of enterprises either have a really crap understanding of what a BYOD policy should look like or no idea what a wearable device actually is. Or both.
Don't get me wrong, I fully understand the threat that wearables introduce into the enterprise data landscape. What I don't understand is how that threat differs fundamentally from anything else that falls under the umbrella of BYOD. The clue is in the D bit, and a smartwatch or Google Glass, or USB storage underpants for that matter are all devices. End of. Next...