From providing the ability to dictate emails on the go to allowing voice-operated Internet browsing and hands-free video conferencing, wearable technology has the potential to make doing business easier than ever. But just like bring-your-own-device (BYOD) and any other type of new technology that blends the personal and business lives of workers, wearable technology will affect companies and their IT departments immensely, experts say.
"The introduction of wearable technology into the corporate workspace opens a whole array of existing and new concerns and unintended consequences," said Steven Bjarnason, a certified information systems security professional (CISSP).
A senior information systems security analyst at Knowledge Consulting Group (KCG), a Reston, Va.-based cybersecurity services firm, Bjarnason said wearable technology provides several potential productivity benefits, such as free-flowing business interactions, instantaneous note-taking and experience-sharing among employees.
However, these benefits come at a price. The businesses will have to pay for not only the technology, but also the added cost of governance, risk and compliance — a huge cost for startups and small businesses, Bjarnason said.
"Businesses should already have information and network-security policies in place to cover many of the concerns applicable to wearable technology," said Bjarnason. Although most IT departments already have guidelines that address such issues as workplace social networking, safe computing and BYOD usage, wearable technology raises several questions for the further development of these standards, Bjarnason said.
For instance, will all employees be allowed to use wearable technology, or will certain types of employees be barred from doing so? Will anyone be required to use it to do their job? And how will personnel be identified and approved for its use?
In addition, businesses should think about whether to restrict capabilities, such as by disabling certain features and figuring out where in the organization wearable technology will be allowed or prohibited, Bjarnason said.
These limitations should also address any necessary procedures IT should follow to maintain company privacy and secure networks in order to protect the company from any data leakage while wearable technology is active.
"From my vantage point, the biggest issue is privacy — both personal and corporate," said Edwin Covert, a cybersecurity analyst at strategy and technology consulting firm Booz Allen Hamilton. "Google Glass is the biggest potential offender in this regard. Someone wearing Google Glass has the real possibility of seeing something considered a trade secret."
While wearable technology provides a futuristic glimpse at where technology is headed, it will also show us the future of data leakage. "The first time someone hacks the device to see what someone else sees will open up a whole new level of corporate espionage," Covert said.
David Matthiesen, director of strategic accounts at DeviceLock, a data-loss-prevention (DLP) solutions provider, agrees that wearable technology is not immune to privacy and security breaches. One of the biggest concerns about wearable technology is that tasks can be performed covertly.
"It does not take a spy's level of trade craft ingenuity to use these devices for commercial espionage, identity theft or other personal gain if that is the intention," said Matthiesen.
Matthiesen added that businesses should be very concerned about the possibility that wearable technology could spur clandestine operations to steal from the company. "Any time there is physical — or even just visual — access where someone can stealthily take pictures or video of designs, prototypes, unreleased products and computer screens of information, or directly move files to innocuous-looking devices like a wearable watch or eyeglasses, there should be grave concern for data leakage."
"These devices make the farcical 'Mission Impossible' and James Bond gadget situations a reality that would almost take an overbearing and highly paranoid physical security team to thwart," Matthiesen said.
Granted, some may deem these privacy and security concerns premature, alarmist or even Hollywood-induced fearmongering. After all, wearable technology still hasn't taken the workplace by storm, much less wreaked havoc on security systems or taken entire corporations down by stealing private information. Should companies really be that worried about how wearable technology will impact their business? Should IT departments actually start re-evaluating their policies to prevent new types of privacy and security breaches brought on by these futuristic devices?
The answer is yes, Bjarnason said. Given the rapid pace at which technology is changing, it's better for business owners to be ready for a crisis today than to be unprepared to combat disaster when it strikes tomorrow.
"The key point to grasp is that a proactive, versus reactionary, risk-assessment approach is necessary as technology rolls along at its fast clip," Bjarnason said. "In the case of wearable technology, it's a question of asking if your company wants to embrace it as a natural order of things without a plan, or understand in advance what the implications and costs are so that it can adequately deal with the security, safety and privacy issues this technology potentially imparts."