As if bring your own device (BYOD) policies weren't complicated enough, wearable technologies seem poised to throw...
a wrench in established approaches to management. Wearables have been gaining traction in the enterprise as new devices offer the promise of improving productivity, business processes and even the fitness of employees.
Wearable technology shows no sign of slowing down: In TrendMicro's survey of 100 senior IT decisionmakers, 82 %of respondents said their organizations' BYOD security policies will have to change in order to account for wearables in the workplace.
How will policies change? How can companies assure BYOD policies are flexible enough to handle wearables while also guaranteeing that sensorized data is compliant? In this #GRCChat recap, participants discuss the effect of wearables on established MDM and what businesses can do to ensure data compliance.
#GRCChatters were quick to point out the uncertainties around where wearables fit into larger mobile device management (MDM) strategies. The technology is so new that few policy precedents exist, making incorporating wearables in the workplace a challenge not only to security and compliance, but also to user experience:
A4 Wearables creates many new GRC complications- another type of device to worry about as source of potential data leak #GRCChat— Ben Cole (@BenjaminCole11) January 22, 2015
A3: I have no good answer yet. Sandboxing to separate data/apps may help. Keeping it all off-device is good but tough on UX/UI. #grcchat— Forvalaka41 (@Forvalaka41) January 22, 2015
An important factor, according to SearchCompliance Editor Ben Cole, is to pay special attention to precisely which devices have the potential to enter the enterprise:
A4 It's important to stay ahead of the game- review the market to see what wearables are popular and moving into corporate use #GRCchat— Ben Cole (@BenjaminCole11) January 22, 2015
(Yes, this chat took place during the height of #DeflateGate.)
Lack of standardization is a challenge for wearables policies because it is hard to identify the right device-governance practices. SearchCompliance Associate Editor Francesca Sales raised a question about controlling device usage and data access within a company:
a4 how about standardizing and limiting what devices can access corp data to just certain devices? #grcchat— Fran Sales (@Fran_S_TT) January 22, 2015
With wearable devices potentially recording a lot of sensitive, personal information about the wearer, bringing those devices into the workplace raises significant privacy concerns. Who has access to that information? How much privacy should employees expect? SearchCIO Senior News Writer Nicole Laskowski broached the subject of wearables privacy:
A4 Talk about personal privacy. How does IT ensure privacy when it comes to wearable devices? #GRCchat— Nicole Laskowski (@TT_Nicole) January 22, 2015
Security is another concern. Wearable devices may move on and off a company's network frequently and, with their increasing use for email and other business-related communications, may carry sensitive company data. But, as one participant pointed out, it's not just the data that needs to be secured -- it's the devices themselves:
A4: The smaller it is, the easier it is to steal or misplace. Protocols between wrist and phone have to be secure too. #grcchat— Forvalaka41 (@Forvalaka41) January 22, 2015
How do you think wearables in the workplace will affect mobile device management? Sound off in the comments section below.
For more on BYOD governance, check out this #GRCChat recap on enforcing GRC essentials for a strong BYOD security policy. Then, read through this Q&A to get an expert's take on overcoming the data governance complications of wearable technology.