December 9, 2014

Final in Series: Be Wary of Wearables, Part 3 — Bastille

Final in Series: Be Wary of Wearables, Part 3

It happened. Black Friday and Cyber Monday came and went (weren’t they kind of economic disasters?), and as predicted, one of the hottest items flying off the shelf was wearable technology. So now we face the dilemma of all of these (and other IoT devices) flooding into the Enterprise.

There are a few considerations that need to be addressed with regards to consumer IoT products entering the enterprise. The first is security. How can a corporation make sure that the devices coming into their airspace, and likely connecting with their network, are safe? There’s already been one published DDoS attack on the Internet of Things in recent months; this will surely be the beginning of many more. One of the toughest challenges faced by IT staff is the multiple protocols that these devices use for communication. The most popular is Bluetooth, but as you can see by the recent update, Bluetooth is riddled with holes are ripe for exploit. Bluetooth is just one of many invisible communication protocols that organizations cannot even see, let alone secure. And, at the risk of sounding trite, I’d be remiss to leave out the Target and Home Depot breaches that came from connected devices from non-employees.

A secondary consideration for the Enterprise deals with privacy. Many companies have already adopted wearables for fitness and wellness programs and early studies point to some very positive benefits. However, responsibility for the data collected from these wearables remains undetermined. Who is responsible for personally identifiable information and what, exactly, can companies do with the data that they collect? There will come a time when someone is passed by for promotion by a super-fit colleague with too many 26.2 stickers on their car. Such a situation could spell litigation. Furthering the privacy concerns, what pieces of this data can be shared, with say, insurance companies? Again, it would seem that it’s only a matter of time before someone leverages this data for unintended purposes with negative consequences.

Finally, in this wearables and IoT explosion, companies have to consider what it’s going to do about the massive demand on network resources. In a study conducted earlier this year with 400 network professionals, more than half said that their networks are already running at full capacity. In addition, the recent large scale retail breaches has led to increased recommendations around creating a dedicated network for IoT and BYOD. But going back to my previous point, this would be a network of chaos, since the idea of IDS or vulnerability assessment for IoT simply doesn’t exists yet (we’re working on it). I suppose you could always name it The Wild Wild West or Use at Your Own Risk.

The use cases, and benefits, of wearable devices are vast. Sales data and surveys abound to show that this trend isn’t going anywhere. Thankfully, people are starting to realize that the Internet of Things is real and is going to present a significant change to the IT landscape. Unfortunately, security remains a weakness, standardization is non-existent, and with history as an indicator, many corporations may only stand up and take notice after a breach. 

Close your cybersecurity gaps with AI-driven wireless visibility

See Bastille in action with a live demo from our experts in wireless threat detection.