In the latest Internet of Things news this week, researchers from Cal Poly successfully designed an app for Google Glass that could take a picture every ten seconds with the display off, “uploading the images to a remote server without giving the wearer any sign that his or her vision is being practically live-streamed to a stranger,” Andy Greenberg writes. It’s scary enough to imagine that someone could be walking around, living their day-to-day lives as someone records their every action at a distance.
“All these new smart devices come with their own specific, new vulnerabilities, which can give attackers new opportunities,” security researcher Roel Schouwenberg has said. “They may require new technology and approaches to protect [them] properly. Adding new, complex devices to the equation is going to make things a lot more difficult.”
With Google Glass set to hit the market in early 2015, and an estimated 90 million wearable tech devices set to be shipped, CISOs need to be cognizant that the Internet of Things will quickly seep into many organizations – whether your current BYOD policies allow them or not.
As our personal devices become increasingly advanced, the main concern for a CISO is how to secure them in the workplace. Up to now, the track record hasn’t been great. Last year, a study by IBM found that fewer than 40% of organizations, the vast majority of which are large enterprises, have in fact put specific policies in place for BYOD devices.
This is not the time for CISOs to shy away from BYOD – now, more than ever, it needs to be embraced, and quickly. Malicious actors are already doing their part to break into businesses via the IoT – now it’s time to do your part. Your BYOD policies will absolutely evolve, but it’s essential that they are implemented as early as possible so they can adapt. The earliest implementers of BYOD policies, for example Intel, which began BYOD policies way back in ’09, have enjoyed better productivity, improved security and greater control.
BYOD doesn’t even mean ‘Bring Your Own Device’ anymore, “it’s ‘Brought Your Own Device’,” Mitch Parker, CISO of Philadelphia’s Temple University Health System, jokes. “If you don’t realize they’re onsite already, that’s a big problem.” Security teams and CISOs have a tough road ahead in putting policies in place to secure an organization in increasingly connected environments. Some considerations for moving your BYOD policy forward should be:
- What regulations/compliance standards does your business – and so, too, your BYOD policy – adhere to regarding employee devices?
- Where do you plan on storing data from BYOD devices?
- How will you respond when an employee violates the BYOD policy?
- Which Mobile Device Management solution(s) will you use and how will you secure wearable tech devices?
- How will you communicate your BYOD policy and any subsequent changes to the organization?
There are going to be an estimated 212 billion connected devices by the end of 2020. What are you doing to evolve your BYOD policies to include IoT devices?