For some final thoughts, we also spoke to David Emm, Principal Security Researcher at Kaspersky Lab, on the subject of WYOD, and how much more of a challenge it will prove compared to BYOD, and all the pitfalls to be aware of.
TechRadar Pro: Is the impact that WYOD will have on businesses the same as BYOD has had?
David Emm: Organisations faced a huge challenge with BYOD. Not least because personal and business use of a single device in the workplace tended to 'creep in' unmanaged. Often devices were purchased on an ad hoc basis, rather than being part of an IT-managed process. So IT departments often had to retrofit security and management of mobile devices.
However, having gone through the process of managing mobile devices, many businesses will be better placed to deal with the management of wearable technology within the workplace.
TRP: How can businesses support the use of WYOD across their organisations?
DE: Wherever devices are used, whatever the technology they're based on, all mobile endpoints that can connect to your network need to be fully secured.
In order to provide this protection, IT managers need mobile security policies that not only overcome complexity and protect against malware, but also allow for simple human error, loss and theft.
TRP: What are the main pitfalls to be aware of when allowing WYOD into a business?
DE: Like computers, wearable devices are built on familiar operating systems and have vulnerabilities that can be exploited. They use the same protocols and are interconnected with other devices using similar applications. There is no way around this.
Traditional attack vectors are mainly against the network layer in the form of a Man-in-The-Middle (MiTM) attack, the exploitation of some vulnerability in the operating system, or the applications themselves. Being based on Android, Google Glass, for example, could inherit known vulnerabilities found in other devices with the same operating system.
TRP: How can business owners leverage WYOD to its best advantage?
DE: If they are not managed, there's a danger that they might become the weakest link in the chain of corporate security. They are a source of personal data that could be used to launch an attack against a company. If compromised, they could also become a portable 'spy' within the company, recording what happens in meetings, etc. This blog, by my colleague Juan Andres Guerrero-Saade, offers more detail on how these devices could be used by would-be attackers.
