Prepare for WYOD management and security challenges

Enterprise wearables will soon usher in the age of wear your own device, but IT needs to ready itself for the management and security challenges of WYOD.

Wearable devices are about to go mainstream, and IT departments need to prepare for the management and security implications. IT can expect new challenges around supporting smart watches, smart eyewear, health and fitness trackers and other wearable technology.

Wearable consumer electronic unit sales will take off in 2015, according to the Consumer Electronics Association's (CEA) semi-annual industry report released in January. The CEA projects 30.9 million consumer wearables sold this year, which would be a 61% increase over 2014. The report also predicts a 359% spike in smart watches, spurred on by the recently released Samsung Gear S and the Apple Watch.

Just as Apple's iPhone triggered the bring your own device (BYOD) era, these new products will launch a wear your own device (WYOD) trend that enterprises cannot afford to ignore.

Wearables at work

Smart eyewear got off to a rocky start with Google Glass, but enterprise wearables still show great potential. Wearable devices make it easier for workers to remain connected to the network, while most also enable hands-free interaction with equipment, data and customers. Enterprises could also deliver context-specific information or visuals to employee wearables using haptic technology. Workers of all kinds could use smart watches to wirelessly unlock doors and cabinets, start equipment and vehicles, and receive silent, vibrating alerts when it's time to perform certain tasks.

These wearable devices and the plethora of industry-specific functions they enable are just getting started. Highly mobile verticals such as healthcare, retail and field services are likely to lead wearable business adoption, and progressive businesses in all sectors can start to identify potential uses. However, even enterprises that take a wait-and-see posture should prepare a WYOD strategy.

WYOD challenges

Like BYOD phones and tablets, WYOD devices pose management and security challenges that IT must address -- preferably now, while numbers are small and risks are relatively modest.

For example, wearables connect with Wi-Fi and Bluetooth to enterprise networks and authorized smartphones. There are several important considerations surrounding this connectivity.

  • Does your enterprise wireless LAN have the capacity to support these new devices as they appear without notice and generate new traffic streams?
  • Will increased Bluetooth use and video traffic create congestion, interference or elevate risks posed by Bluetooth attacks?
  • How will your company detect and prevent unauthorized WYOD activity that endangers business networks, devices or data?
  • Which wearables should be allowed to access IT-managed assets and under what circumstances?

It's tempting to think of WYOD as a new kind of BYOD, but wearable computing is fundamentally different. Wearables are not necessarily stand-alone devices. At least initially, many wearables are peripherals that must be paired with smartphones or tablets for Internet connectivity, long-term data storage and application analysis.

A company in investment mode probably isn't profitable, but that shouldn't be enough to scare you away.

Most organizations currently lack the proper resources to optimize user experience on enterprise wearables. Wearable devices rely on voice and tap input rather than a keyboard and mouse, and they deliver audio, visual and haptic output in ways that require rethinking user interfaces.

Wearables may not store a lot of data, but the information they do collect and store differs by device. Organizations should conduct a total reassessment of both personal privacy and business risks.

Finally, wearables can only deliver on their value proposition when they are allowed to operate continuously and conveniently. This requires novel approaches to user authentication and access control.

Bring wearables under IT control

Mastering these challenges starts with situational awareness. Enterprises should use wired and wireless intrusion prevention systems, enterprise mobility management (EMM) systems, and WLAN management tools to detect and catalog wearable devices as they enter the workplace. Understanding the kinds of wearables employees are using, how and where they attempt to connect, and which business assets they touch, is the first step to assessing business need and risk.

Next, build on your existing mobility policies to shape an acceptable use policy for wearables at work. Enterprises in highly-regulated industries may opt to altogether ban certain kinds of wearables. For example, smart eyewear used in healthcare settings could potentially expose patient data protected by HIPAA.

Where risks aren't apparent, it may be more productive to take a softer stance, permitting largely unrestricted personal use of wearables that don't connect to business assets or data. As WYOD use grows, workers will begin to request business WLAN and data access for their devices. IT can use that input to develop use cases, define device criteria and controls, and assess EMM ability to enable access and enforce policy.

Time will tell whether wearables really take off -- both among consumers and businesses. But there's no time like the present to start detecting and assessing wearables at work, as IT will soon need to formulate company policies for managing and securing WYOD on an even larger scale.

Next Steps

Five ways wearable tech will impact the enterprise

Use cases for wearable devices

Wearable devices could be the next big trend

Wearables are already influencing GRC policy

Dig Deeper on EMM tools | Enterprise mobility management technology