The next security perimeter? You're wearing it.
The idea of wearable technology is not new to government. In the military, the concept of using hands-free technology to integrate soldiers in the field into mobile ad hoc networks is part of the Defense Department’s vision of network-centric warfare. But what happens when unmanaged personal or wearable devices are brought into the workplace to connect with the enterprise network?
The result is another layer of security concerns for agencies that still are struggling with the challenges presented by the bring-your-own-device movement.
Some of the challenges presented by products such as Samsung Galaxy Gear and Google Glass are not new. In many ways, “it’s just an alternative form factor,” said Paul Christman, Dell Software’s vice president of public sector. “They are fairly consumer oriented, and they tend to be fairly low tech,” mostly acting as sensors to gather data such as location and health metrics.
The challenge with these devices is not only to secure the data they gather and the connections they use but also to decide who owns and controls the data.
Joggers who wear a fitness monitor might assume the data is theirs; but odds are they are sharing it with someone else, whether they know it or not. As devices become more sophisticated and are used to access data at work, they will have to be managed and the data they access secured.
Progress is being made in addressing the workplace security challenge in traditional BYOD, often by compartmentalizing the devices to create separate personal and work partitions. Typically, the user cedes a degree of control over the personal device so that workplace IT administrators can enforce policy in the partitioned workspace.
“The same model can apply” in wearable technology, Christman said. “But how do you compartmentalize Google Glass?”
Technologically, the challenge is not that great. Based on their experience with laptops and smartphones, IT pros can port existing security tools to the new form factors as the devices become sophisticated enough to accept them. The real hurdle is making the decision to do so and doing it early enough that administrators do not find themselves in an endless loop of catch-up as the new technology comes online.
Fortunately, the call for security is going out early. “There are a lot of people sounding the alarm from the get-go,” Christman said. “Geolocation data is getting a lot of attention now. That’s one of the things that needs to be addressed first.” The security of local wireless connection protocols used by small devices, such as Bluetooth and near field communication, also needs to be addressed.
And along with the technology fixes there will have to be “polite rules of society” for when and where we use technology and when it’s time to take the glasses off, Christman said. Rules such as “turn the camera off in the locker room” are probably a good idea.
The social and legal niceties of mobile devices are no trivial matters. A man was shot to death in Florida last month in an apparent argument over texting in a movie theater, and a California woman was ticketed late last year for driving with Google Glass. The charge against the woman was dismissed in January, but the questions about liability and legality remain unanswered.
Posted by William Jackson on Feb 21, 2014 at 12:31 PM