Are You Ready for WYOD?
Google Glass. Samsung's Galaxy Gear smartwatch. These are just two of the wearable devices that enterprise IT departments may soon have to contend with. Before that happens, we talked with a few experts to learn where the technology is likely to start showing up, and what the security impact will be.
Enterprises able to reap specific benefits from wearables will probably be among the first adopters of Wear Your Own Device (WYOD), according to Frank Schloendorn, director of Android ecosystems at Fiberlink. "We've already had a customer in the medical field come to us saying they're thinking of getting a bunch of the Google Glass devices and having doctors or others try them out," he said. That makes sense for a sector where patient care decisions are made bedside, and where providers frequently need their hands free for other tasks.
Organizations that typically embrace technology, regardless of industry, will also number among WYOD's early adopters. But eventually even the more cautious organizations will have to contend with wearables and the security concerns they bring.
Let's talk security
Mobile device management solutions and BYOD policies often rely heavily on security measures like robust password requirements and on-device clients that ensure compliance. Right now, most wearables aren't set up to offer either this level of security or this level of security management. Wearables' operating systems may not be equipped to support the deployment of a device management application, and many lack the input interface to even type in a password.
Schloendorn recently looked at a number of smartwatches and said he did find one capable of using a PIN for locking and unlocking. But even with that functionality, the security features of the device are still not what most enterprises need. "There's no way to enforce that today," Schloendorn said of PIN entry. "There are no policy controls or anything that exists where you could install an agent on the phone to enforce that to happen." Your IT group may require devices to be secured by a PIN, but users can easily disable that feature on most of the current crop of wearables.
Meanwhile, depending on the particular type of device, they "will be easier to control or more difficult to control than cell phones," Justin Strong, senior global product marketing manager at Novell, said, and controllability alone may not determine which devices get adopted and which don't. A device's functionality and its popularity within an organization will also influence WYOD decisions.
"The people who are demanding the solutions are the ones dictating what it will be, instead of IT saying, 'You will have this or you won't have this,'" Strong said of many companies. How much your enterprise embraces consumerization may also influence whether existing BYOD guidelines can be applied directly to wearables, or if entirely new policies will need to be enacted.
"I think wearables take a much different form than smartphones and tablets do today, both from a management and a usage perspective," Schloendorn said. The current generation of wearable devices generally have far fewer features than smartphones or tablets, and instead supplement those devices. "If you take a smartwatch and you don't link it to your smartphone, for the most part you generally just have a watch," Schloendorn explained. That could make wearables easier to manage. If the master device is already covered under the current BYOD policy, then few changes may be needed as wearable technology becomes more prevalent.
Get ready for wearables
That doesn't mean administrators can get too comfortable. To get in front of the curve, they should evaluate where their existing device management policies might require additional attention. "Controlling [access] at the smartphone or tablet layer seems to be the best approach today," Schloendorn said. Containerized solutions for corporate data, for example, may provide the security your enterprise needs at the dawn of the age of wearables. "These devices are nowhere near a point where they are ready to be controlled themselves," Schloendorn explained. Once wearable devices are ready to support control solutions, then enterprises can dive more deeply into maintaining appropriate security and authentication levels. For now, enforcing robust and comprehensive BYOD and security policies will help to bring in line the devices in use today that tomorrow's wearables are likely to leverage.
Dipping a toe into the wearables waters may be the best way to begin. "The best piece of advice I would give them is to very quickly start a very agile and very small pilot program," said Strong. He believes that because each organization is so different—in culture, in resources, even in the regulatory rules and data security policies they with which they must comply—the surest way to figure out what really works is by getting some real-world experience.
Photo courtesy of Shutterstock.