Wearables and BYOD: Exposing the enterprise

Google has ramped up the conversation about wearables with its Android Wear initiative. As wearables get more prevalent, they may be entering the workplace unexpectedly and exposing sensitive information.
Written by James Kendrick, Contributor
Motorola smartwatch
Image: James Martin/CNET

Wearables, predominantly smartwatches, are about to take off if Google has its way. The Android Wear program that was recently announced was accompanied by the unveiling of smartwatches by LG, Samsung, and Motorola. Look for Google and its partners to be pushing these gadgets hard. Even if they aren't the next big thing, odds are owners will be using them in BYOD offices.

This may catch IT departments by surprise. Many are already struggling with policies and procedures for dealing with phones and tablets. Having employees bring in a range of those devices is not making it easy on the corporate support staff. Keeping corporate information safe and out of the hands of outsiders is complicated by those privately owned devices.

Wearables may not be remotely accessible by the IT support staff, unlike the phones or tablets used with BYOD.

Think about wearables and thoughts turn to security when they are worn (and used) in BYOD shops. While the smartwatch is essentially just another screen for the phone or tablet, they must store some data from the connected device onboard the wearable. Then there are the apps that owers can install on them to do all sorts of things.

If I were an IT planner in the enterprise I would be thinking about this already. This presents some new concerns, especially if the smartwatch connects to the phone via Bluetooth. It could be carrying around, and possibly accessing via the phone, sensitive corporate data. A smartwatch may not be remotely accessible by the IT support staff, unlike the phones or tablets used with BYOD.

Lost or stolen phones are not a big problem for corporate support — they can be remotely wiped to protect the sensitive stuff. That may not be an option for smartwatches or other wearables that IT can't reach remotely.

There's no need to panic, as the risk of having lots of data is low, but what about the little bit of information that might be buffered on the wearable? The email cached on the stolen smartwatch detailing the confidential merger discussion, for example. The information that outsiders see on a worker's smartwatch left in an airport washroom could be trouble. This is something that IT staff in BYOD installations better think about, and now.

See related:

Editorial standards