Wearables and BYOD: Exposing the enterprise

Wearables and BYOD: Exposing the enterprise

Summary: Google has ramped up the conversation about wearables with its Android Wear initiative. As wearables get more prevalent, they may be entering the workplace unexpectedly and exposing sensitive information.

Motorola smartwatch
(Image: James Martin/CNET)

Wearables, predominantly smartwatches, are about to take off if Google has its way. The Android Wear program that was recently announced was accompanied by the unveiling of smartwatches by LG, Samsung, and Motorola. Look for Google and its partners to be pushing these gadgets hard. Even if they aren't the next big thing, odds are owners will be using them in BYOD offices.

This may catch IT departments by surprise. Many are already struggling with policies and procedures for dealing with phones and tablets. Having employees bring in a range of those devices is not making it easy on the corporate support staff. Keeping corporate information safe and out of the hands of outsiders is complicated by those privately owned devices.

Wearables may not be remotely accessible by the IT support staff, unlike the phones or tablets used with BYOD.

Think about wearables and thoughts turn to security when they are worn (and used) in BYOD shops. While the smartwatch is essentially just another screen for the phone or tablet, they must store some data from the connected device onboard the wearable. Then there are the apps that owers can install on them to do all sorts of things.

If I were an IT planner in the enterprise I would be thinking about this already. This presents some new concerns, especially if the smartwatch connects to the phone via Bluetooth. It could be carrying around, and possibly accessing via the phone, sensitive corporate data. A smartwatch may not be remotely accessible by the IT support staff, unlike the phones or tablets used with BYOD.

Lost or stolen phones are not a big problem for corporate support — they can be remotely wiped to protect the sensitive stuff. That may not be an option for smartwatches or other wearables that IT can't reach remotely.

There's no need to panic, as the risk of having lots of data is low, but what about the little bit of information that might be buffered on the wearable? The email cached on the stolen smartwatch detailing the confidential merger discussion, for example. The information that outsiders see on a worker's smartwatch left in an airport washroom could be trouble. This is something that IT staff in BYOD installations better think about, and now.

See related:

Topics: Mobility, Android, Google, Smartphones, Bring Your Own Device

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Which is why I will always buy a separate phone for business . . .

    "Lost or stolen phones are not a big problem for corporate support, they can remotely wipe them to protect the sensitive stuff. "

    Which is why I will always buy a separate phone for business (if they don't supply me with one and I am somehow required to have one), and never bring my own personal phone onto a corporate network. It's certainly not a win-win situation if I lose my phone.
    • Some Other Issues

      Being responsible, in part, for data security at a government entity, I've had to look into the BYOD (or, in our case, the payment to employees for using their own devices initiative) corporate rules. We were going to offer employees a $50 stipend for using their own smartphone. Most employees in the pilot group refused to participate once they learned the rules. First, the enterprise would have to examine the phone and load client software on the phone (MDM software, etc.) Second, the user must report any loss or theft of the phone within 24 hous (24 x 7 helpdesk). Third, the enterprise will remotely WIPE all data on any personal phone registered for the program. This includes grandma's photos! And then there would be special policy requirements associated with locking of the phone (how often/quickly, password complexity, what websites you can/cannot visit). Lastly, if there is a lawsuit against the enterprise, you may lose your phone altogether for a long time if the judges want to do "eDiscovery". It just wasn't worth it.
  • The assumption being made is that anything can connect to the corporate net

    If that is true, then the security of the corporation has already been destroyed.

    Nothing else will make any difference. Complaining about "wearables and byod" is irrelevant.

    Such wireless networks (or wired for that matter) should always be encrypted.
  • One Thought on Wearibles

    We already found that, in our enterprise, BYOD will not work because the employees will not subject themselves to the rules of data security including confiscation by courts/lawyers or remote wipe or annoying policies. In the case of wearibles, there will also be security issues. If what I read about Google Glass is true, for instance, the device is always "on" to provide such features as location services and facial recognition. So, if i went into the restroom with my cell phone out in picture taking stance, I would be booted out of there. If I was wearing Glass even without saying the magic words, "Glass, take a picture..." there would still be feed going up to Google. And then what happens when someone is wearing Glass while viewing critical computer code or protected data? And then there are always questions that we had to deal with on the "mobile workforce". You can't take information nor data out of the building, even on a jumpdrive, unless the data is encrypted. There will always be a seperation between what the rules are and what employees actuall do. At least this way, an employee who loses an unauthorized device can be fired with cause (in some cases, arrested).

    I've tested plenty of companion devices and security...

    Solution is stop using NFC,, Bluetooth, RFID, or any other connection that is meant to be broadcasting BUT for seconds at most a minute..

    Copy exactly how answerphones get data - GSM and CDMA. Security is already in place