martin_matthews - Fotolia

News

Wearables in the workplace strain existing GRC policies

Have you considered the GRC implications of wearables in the workplace? In this #GRCChat recap, participants consider the impact of wearables on established policies and how businesses can ensure data security and privacy.

Brian Holak, Site Editor

Published: 05 Feb 2015

As if bring your own device (BYOD) policies weren't complicated enough, wearable technologies seem poised to throw a wrench in established approaches to management. Wearables have been gaining traction in the enterprise as new devices offer the promise of improving productivity, business processes and even the fitness of employees.

Wearable technology shows no sign of slowing down: In TrendMicro's survey of 100 senior IT decisionmakers, 82 %of respondents said their organizations' BYOD security policies will have to change in order to account for wearables in the workplace.

How will policies change? How can companies assure BYOD policies are flexible enough to handle wearables while also guaranteeing that sensorized data is compliant? In this #GRCChat recap, participants discuss the effect of wearables on established MDM and what businesses can do to ensure data compliance.

#GRCChatters were quick to point out the uncertainties around where wearables fit into larger mobile device management (MDM) strategies. The technology is so new that few policy precedents exist, making incorporating wearables in the workplace a challenge not only to security and compliance, but also to user experience:

A4 Wearables creates many new GRC complications- another type of device to worry about as source of potential data leak #GRCChat
— Ben Cole (@BenjaminCole11) January 22, 2015

@ITCompliance A3 #Wearables still so new that co's using them prob dont have policy around the data they collect and how it's used. #GRCChat
— RachelTT (@RachelatTT) January 22, 2015

A3: I have no good answer yet. Sandboxing to separate data/apps may help. Keeping it all off-device is good but tough on UX/UI. #grcchat
— Forvalaka41 (@Forvalaka41) January 22, 2015

An important factor, according to SearchCompliance Editor Ben Cole, is to pay special attention to precisely which devices have the potential to enter the enterprise:

A4 It's important to stay ahead of the game- review the market to see what wearables are popular and moving into corporate use #GRCchat
— Ben Cole (@BenjaminCole11) January 22, 2015

@BenjaminCole11 And it looks like the wearables-in-business trend won't be 'deflating' anytime soon #harharhar #GRCChat
— FinServGRC (@FinServGRC) January 22, 2015

(Yes, this chat took place during the height of #DeflateGate.)

Lack of standardization is a challenge for wearables policies because it is hard to identify the right device-governance practices. SearchCompliance Associate Editor Francesca Sales raised a question about controlling device usage and data access within a company:

a4 how about standardizing and limiting what devices can access corp data to just certain devices? #grcchat
— Fran Sales (@Fran_S_TT) January 22, 2015

. absolutely @Fran_S_TT - some companies do have clear lines about what devices are acceptable, and what data is allowed on them #GRCChat
— Ben Cole (@BenjaminCole11) January 22, 2015

With wearable devices potentially recording a lot of sensitive, personal information about the wearer, bringing those devices into the workplace raises significant privacy concerns. Who has access to that information? How much privacy should employees expect? SearchCIO Senior News Writer Nicole Laskowski broached the subject of wearables privacy:

A4 Talk about personal privacy. How does IT ensure privacy when it comes to wearable devices? #GRCchat
— Nicole Laskowski (@TT_Nicole) January 22, 2015

. @TT_Nicole don't think IT can ensure total employee privacy- have to to protect company info on these devices and keep compliant #GRCChat
— Ben Cole (@BenjaminCole11) January 22, 2015

@BenjaminCole11 @TT_Nicole so govern around the data itself and not around devices? #grcchat
— Fran Sales (@Fran_S_TT) January 22, 2015

@Fran_S_TT @BenjaminCole11 @TT_Nicole #grcchat If you have to have BYOD touch corp. sys/data, write apps that encrypt all and store nothing.
— Forvalaka41 (@Forvalaka41) January 22, 2015

Security is another concern. Wearable devices may move on and off a company's network frequently and, with their increasing use for email and other business-related communications, may carry sensitive company data. But, as one participant pointed out, it's not just the data that needs to be secured -- it's the devices themselves:

A4: The smaller it is, the easier it is to steal or misplace. Protocols between wrist and phone have to be secure too. #grcchat
— Forvalaka41 (@Forvalaka41) January 22, 2015

How do you think wearables in the workplace will affect mobile device management? Sound off in the comments section below.

Next Steps

For more on BYOD governance, check out this #GRCChat recap on enforcing GRC essentials for a strong BYOD security policy. Then, read through this Q&A to get an expert's take on overcoming the data governance complications of wearable technology.

Dig Deeper on Managing governance and compliance

Is consumer data privacy at risk under cybersecurity legislation? #GRCChat participants discuss how cybersecurity legislation could hurt data privacy and what personal information protections should be included in the new rules.

Changes in technology create new difficulties for GRC processes In this #GRCChat, participants discuss how changes in technology like consumerization and evolving security threats affect GRC management and consider who should be responsible for that management.

Enforce GRC essentials for a strong BYOD security policy In this #GRCChat, find out what GRC features to keep top of mind when designing a BYOD security policy -- and how to ensure employees are on board.

2015 might be a big year for these GRC technologies This could be a big year for GRC technologies. #GRCChat-ters predict which tools and processes will continue their upward trend in 2015 and which will wane.

Top enterprise GRC and security predictions for 2015 Can we leave the "year of the breach" title to 2014? In this #GRCChat recap, participants shared their enterprise GRC and security predictions for 2015.

GRC 2015: What do you hope to achieve this year? A new year means a fresh start. In this #GRCChat recap, participants assess their current IT challenges and share their GRC 2015 resolutions.

Brian Holak asks:

How do you think wearables in the workplace will factor into BYOD policies?

Join the Discussion

SearchCIO

Don't let edge computing security concerns derail your plans

Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome ...

Risk-based digital identity benefits CIOs, CMOs and customers

Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, ...

Agile practices endure and continue to adapt

As the 20th anniversary of the Agile Manifesto approaches, Agile practices remain vital to software development and are being ...

SearchHealthIT

Google-Ascension deal reveals murky side of sharing health data

The Google-Ascension partnership is a 'PR failure' that demonstrates a need for greater transparency about what happens to ...

Digital transformation projects are an opportunity for healthcare CIOs

Geisinger Health System CIO John Kravitz gives advice on how healthcare CIOs can lead a digital transformation project within ...

Cloud-based security enables healthcare orgs to grow with the times

Cleveland Clinic's deputy CISO came to the 2019 CHIME Fall CIO Forum with a message: Migrating to the cloud won't be easy, but ...

SearchCloudComputing

Top 5 benefits of hybrid cloud

Why choose between public and private clouds when you can have both? With hybrid cloud, enterprises can address workload ...

AI-driven development trends shake up the cloud market

Enterprises are increasingly interested in AI, and cloud vendors are in a race to adapt their platforms to meet those needs. See ...

A primer on Alibaba Cloud for Western enterprises

When Western cloud users think of major cloud providers, it's typically the top three: AWS, Google Cloud Platform and Microsoft ...

SearchDataCenter

Understand top public cloud repatriation use cases

Cloud technology can pose billing, management and compliance issues. Here are five reasons why repatriating cloud workloads back ...

Microsoft quantum development turns toward hardware

Microsoft revealed plans to jump into the quantum hardware business with a chip capable of running quantum software.

Top 5 options for Linux certifications

Are you ready to expand your Linux knowledge? Here's a look at the latest courses, training content and exams available from ...

SearchDataManagement

CockroachDB 19.2 improves distributed database performance

New release of CockroachDB cloud-native distributed database platform helps to reduce latency; it also gets enhanced data backup ...

Redis Labs eases database management with RedisInsight

Based on the open source RDBTools project, Redis Labs' new tool gives database administrators a stable graphical user interface ...

How AI could save the enterprise data catalog

Enterprise data catalogs record all the databases and files in a corporation, but sometimes it can become out of date. Advances ...

SearchSecurity

Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting ...

Check Point: Qualcomm TrustZone flaws could be 'game over'

Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because ...

InfoTrax settles FTC complaint, will implement infosec program

InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal...

Join the conversation

5 comments

Send me notifications when other members comment.

Oldest

[-]

Brian Holak - 5 Feb 2015 11:22 AM

How do you think wearables in the workplace will factor into BYOD policies?

Munene49 - 10 Feb 2015 12:19 PM

I do not see how wearables add any benefit, in fact, I do not think wearables bring much value to the tech at all. All wearables do is try and merge fashion and technology, two areas that are so far apart in terms of ideas. Wearables are a major distraction to the employees and they will spend more time thinking of how trendy they look than the core reason they are at work that day.

mcorum - 10 Feb 2015 2:28 PM

I think there are a couple of key things to consider. First, as some of the tweets mentioned, privacy is going to be a rather large obstacle that will need to be overcome. I agree with Ben Cole’s tweet that IT can’t ensure total employee privacy. That said, I think the governance aspect needs to focus on what devices can be allowed on to be used in conjunction with BYD. The second key consideration I see is similar to IoT – the IT departments will have their hands full determining which of those wearable devices are supposed to be connected to the network, and which are “shadow devices” that an employee has brought into the office and connected to the network without IT knowing about it.

Ben Cole - 11 Feb 2015 5:06 PM

would it be possible for companies to ban wearables completely, or would it be too hard to draw the line between wearable devices and and common mobile devices like cell phones? It sounds like the privacy/security/IT logistics may be complicated to allow wearables in the corporate setting, but I wonder if companies ban them the company would be missing out on potential business benefits like improved employee productivity + satisfaction.

jennifer211 - 9 Feb 2015 1:41 PM

Ugh - seems like there's always something new to make corporate culture more tricky. Does anyone think this "wearables" trend will hold water for much longer?

Wearables in the workplace strain existing GRC policies