Wearables in the workplace strain existing GRC policies

As if bring your own device (BYOD) policies weren't complicated enough, wearable technologies seem poised to throw a wrench in established approaches to management. Wearables have been gaining traction in the enterprise as new devices offer the promise of improving productivity, business processes and even the fitness of employees.

Wearable technology shows no sign of slowing down: In TrendMicro's survey of 100 senior IT decisionmakers, 82 %of respondents said their organizations' BYOD security policies will have to change in order to account for wearables in the workplace.

How will policies change? How can companies assure BYOD policies are flexible enough to handle wearables while also guaranteeing that sensorized data is compliant? In this #GRCChat recap, participants discuss the effect of wearables on established MDM and what businesses can do to ensure data compliance.

#GRCChatters were quick to point out the uncertainties around where wearables fit into larger mobile device management (MDM) strategies. The technology is so new that few policy precedents exist, making incorporating wearables in the workplace a challenge not only to security and compliance, but also to user experience:

A4 Wearables creates many new GRC complications- another type of device to worry about as source of potential data leak #GRCChat

— Ben Cole (@BenjaminCole11) January 22, 2015

@ITCompliance A3 #Wearables still so new that co's using them prob dont have policy around the data they collect and how it's used. #GRCChat

— RachelTT (@RachelatTT) January 22, 2015

A3: I have no good answer yet. Sandboxing to separate data/apps may help. Keeping it all off-device is good but tough on UX/UI. #grcchat

— Forvalaka41 (@Forvalaka41) January 22, 2015

An important factor, according to SearchCompliance Editor Ben Cole, is to pay special attention to precisely which devices have the potential to enter the enterprise:

A4 It's important to stay ahead of the game- review the market to see what wearables are popular and moving into corporate use #GRCchat

— Ben Cole (@BenjaminCole11) January 22, 2015

@BenjaminCole11 And it looks like the wearables-in-business trend won't be 'deflating' anytime soon #harharhar #GRCChat

— FinServGRC (@FinServGRC) January 22, 2015

(Yes, this chat took place during the height of #DeflateGate.)

Lack of standardization is a challenge for wearables policies because it is hard to identify the right device-governance practices. SearchCompliance Associate Editor Francesca Sales raised a question about controlling device usage and data access within a company:

a4 how about standardizing and limiting what devices can access corp data to just certain devices? #grcchat

— Fran Sales (@Fran_S_TT) January 22, 2015

. absolutely @Fran_S_TT - some companies do have clear lines about what devices are acceptable, and what data is allowed on them #GRCChat

— Ben Cole (@BenjaminCole11) January 22, 2015

With wearable devices potentially recording a lot of sensitive, personal information about the wearer, bringing those devices into the workplace raises significant privacy concerns. Who has access to that information? How much privacy should employees expect? SearchCIO Senior News Writer Nicole Laskowski broached the subject of wearables privacy:

A4 Talk about personal privacy. How does IT ensure privacy when it comes to wearable devices? #GRCchat

— Nicole Laskowski (@TT_Nicole) January 22, 2015

. @TT_Nicole don't think IT can ensure total employee privacy- have to to protect company info on these devices and keep compliant #GRCChat

— Ben Cole (@BenjaminCole11) January 22, 2015

@BenjaminCole11 @TT_Nicole so govern around the data itself and not around devices? #grcchat

— Fran Sales (@Fran_S_TT) January 22, 2015

@Fran_S_TT @BenjaminCole11 @TT_Nicole #grcchat If you have to have BYOD touch corp. sys/data, write apps that encrypt all and store nothing.

— Forvalaka41 (@Forvalaka41) January 22, 2015

Security is another concern. Wearable devices may move on and off a company's network frequently and, with their increasing use for email and other business-related communications, may carry sensitive company data. But, as one participant pointed out, it's not just the data that needs to be secured -- it's the devices themselves:

A4: The smaller it is, the easier it is to steal or misplace. Protocols between wrist and phone have to be secure too. #grcchat

— Forvalaka41 (@Forvalaka41) January 22, 2015

How do you think wearables in the workplace will affect mobile device management? Sound off in the comments section below.