The wearable challenge

InsightaaS.com welcomes input from seasoned IT journalist Lynn Greiner. Lynn’s commentary is based on a wealth of experience as an IT observer and from the front lines of IT management, as her article on the risks associated with wearable devices demonstrates. We look forward to additional commentary.

The 2014 Consumer Electronics Show was, as usual, inundated with all sorts of new toys, many of which will inevitably make their way into the office. At top of the heap were wearable devices.  Wearables run the gamut from health and fitness monitoring devices such as the FitBit, to smart watches such as the Pebble, to Google Glass. Unlike smartphones, which are by now a more or less known quantity, wearables are part of an undiscovered country.

Thanks to Bring Your Own Device (BYOD), dozens of smartphones that may be inherently unsuited to corporate environments are now in the pockets and purses of executive and staff alike. This trend has been giving IT departments nightmares, and enhancing the bottom lines of mobile device management (MDM) vendors. But many CIOs now have a handle on the BYOD situation, at least as far as smartphones are concerned.

But wearables present a whole new set of challenges, big ones. Market growth predictions are all over the map (typical in a new, high-growth industry), but they agree on one thing: wearables represent a huge, lucrative market. How huge? UK-based Juniper Research’s projection is that the number of wearable devices shipped will rise from about 13 million in 2013 to 130 million in 2018, and that the market size will grow from $US1.4 billion in 2013 to $US19 billion in 2018. Business Insider Intelligence thinks there will be shipments of 100 million units in 2014 and that the market will grow to $US12 billion per year. For its part, IMS Research (IMS), said that the wearables market (including industrial and military products as well as consumer devices) had already hit $US8.5 billion in 2012, with 96 million devices shipped. It predicts growth to 210 million devices and $US30 billion in revenue in 2018. And those estimates are several times what IMS predicted in 2011 (a $US6 billion market by 2016); that’s how fast wearables have taken off.

Unfortunately for CIOs and IT staff, support structures around wearable devices have not kept up. While there are more or less accepted protocols and etiquettes around phone use, and plenty of tools available to manage them, the wearable device world is the Wild West.

Wearables are not a concern to the CIO if the device is a fitness band on an employee’s wrist. While the user may incur risk to his or her personal information security, corporate data won’t be affected. However, if the wearable is a set of smart glasses such as Google Glass, or an Internet-connected wearable camera, all bets are off. Concerns about corporate data security with devices like this are very real.

Consider the fact that many wearable devices don’t look like electronic gadgets. Some look like pieces of jewellery, or digital wristwatches. Some are even items of clothing. It’s virtually impossible to detect if or when the device is recording data. Furthermore, most devices don’t have local storage; they immediately transmit their recordings to a cloud of unknown provenance and security.

That, in itself, isn’t necessarily bad. Users can choose what or who to trust with their data. But as soon as the user enters a corporate environment, those choices can compromise security, confidentiality and compliance  (it would be naïve to think that existing corporate access control systems also monitor cellular-enabled non-phone devices; they didn’t exist when the safeguards were created). That’s where the problems come in for the CIO. All it can take is one device recording inappropriately to compromise a company. Even if an employee records that confidential meeting by accident, without malicious intent, if his or her cloud account isn’t secure, intellectual property or customer information could end up exposed. That makes compliance officers very nervous. Since many wearable devices run on the Android operating system, they are subject to the same vulnerabilities and attacks as Android tablets and smartphones. Without proper policies and safeguards, even apparently benign devices can pose risk.

However, when properly used, wearable devices can be a boon to business. Field technicians who need access to documentation and schematics, sales people, physicians, or anyone else who needs lots of information on the fly and hands-free could become much more productive with Internet-enabled glasses. Companies could monitor employees in hazardous environments through sensors in smart clothing; that monitoring could save lives.

There is, however, inadequate security built in to many of these new devices, and a lack of tools with which to manage them. As with many new technologies, enthusiasm for the new functionality supersedes these dull but necessary corporate priorities. We’re seeing this in wearables just as we saw it in smartphones before them. Sadly, it will probably take an unfortunate event to waken the industry to the need for security around wearables. Meanwhile, the CIO has a few mitigating weapons. Well thought-out policies, good risk management and employee education will help companies keep issues to a minimum.