Key takeaways

  • Wearable technology is finally coming of age after a protracted infancy.
  • The potential benefits of deploying wearables in an organisation are enticing, but legitimate privacy concerns need to be addressed.
  • Andrew Gordon, cyber security partner at PwC, explains why preparedness is key to your organisation’s success with wearables.

 

We stand at the brink of the ‘wearables’ revolution. In fact, it’s already well upon us – and it’s not just smartwatches. From heart monitors, to location and voice-sensing employee badges, it’s a technological paradigm with a strong use-case, but it also raises serious concerns about data security, personal privacy, and an over-empowered Big Brother.

With great utility comes great responsibility, so if you’re an organisation looking to deploy wearable tech, you must get the security right first if you expect to make a convincing case about what, for many, feels like a leap of faith. Without that trust, the idea will be dead in the water.

Maybe it is
déjà vu!

Most people think wearables are promising but find them conceptually abstract. Apple and its competitors’ recent forays into smartwatches and Google’s Glass prototype are beginning to nail down the concept, but the paucity of compelling features available in versions 1.0 has kept us wondering – what will it allow me to do that I can’t do already?

If your upbringing was decidedly last century, you’ll probably be haunted by memories of wearables past (TV watches, anyone?) and wonder whether the current fervor isn’t merely a case of fashion’s having forgotten itself yet again.

Seiko watch

Seiko’s brave 1983 attempt at a wearable: the TV watch.

This time, though, the situation is distinctly different. What’s really set to sell us on once again allowing wristbands and computers to marry will be their ability to measure things about the wearer and his or her environment, and then to transmit that information back to base for real-time monitoring, tracking or storage for later analysis.

The case for wearables
is a strong one

It may not be immediately obvious, but the potential for wearable tech is huge – limited far more by human imagination than technological obstacles.

Less a communications convenience (after all, smartphone screens seem to be growing rather than shrinking) wearable tech is about the device being there to sense and record, ensuring the most complete and accurate dataset from which insights can be drawn.

Countless professions – miners, paramedics, police, rescue teams – all stand to gain from having information about their physiological condition and environment automatically and unobtrusively beamed back to home base and any relevant advice beamed back.

Even when the mission isn’t critical, imagine the efficiency dividend of being able to visualise the exact locations and statuses of a legion of field workers in real time. Couple that with a smart deployment algorithm and suddenly you’re servicing twice as many customers with half the staff.

Traps for
young players

There’s nothing inherently more dangerous about tech that’s wearable, but deep concerns tend to arise nonetheless. After all, it’s far easier to imagine a path to a totalitarian dystopia once you’ve got a tracking device strapped to everyone’s wrist. Smartphones have the potential to avail us to similar abuses, but because they tentatively remain something one can leave at home when the need for privacy or criminality arises, most people are happy to ignore the dangers.

If wearables are implemented as we predict, we will invariably witness the explosive growth of databases chock-full of very accurate, personal information – from physiological measurements, to spending habits, to patterns of movement (and thereby association).

Such comprehensive and revealing data caches are of immense value to certain people, which raises the question: should they be created in the first place? After all, when the bounty on your server vastly exceeds the funds available to protect it, infiltration becomes almost inevitable.

Authenticating to wearables
or with them?

Discussions about data security inevitably descend upon the perplexing difficulty of ‘foolproof’ authentication. For wearable devices, it’s a salient issue, especially if you plan to dispense money by waving it at things.

An innovative solution involves the wearable itself acting as a kind of ‘smart’ authentication token. Dubbed ‘passive continuous authentication,’ it utilises ‘behavioural biometrics’ and is being spearheaded by Google. Essentially, by measuring and analysing a range of biometric data – like voice patterns, facial features and location – the system arrives at a ‘trust score,’ which, surpassing a certain threshold, convinces the device that it really is you.

It’s an innovation that could simultaneously solve two of cyber security’s most intractable problems: people and their tendency to choose ridiculously insecure passwords and the often forgotten fact that traditional single-factor biometric identifiers like fingerprint, voice or facial-recognition data are trivial to steal, easy to replicate, and impossible to replace.

So, while such novel systems remain on the horizon for the time being, it’s almost a certainty that we will see them phased in as wearable technology matures.

For wearables to thrive,
trust is paramount

Many industries will be looking to adopt wearables in the near future. If it’s your call on wearables at your organisation, or even if you’re asked to advise or to implement, you’ll want to consider the following:

1. Be clear and compelling in communicating the reasons for implementing wearable technology.

Your workforce is likely split along lines separating those ready to blithely don the next gadget, those who feel suspicious and concerned about the potential for a breach of privacy, and those completely indifferent to everything apart from whether there’s a favourable subtext to the fashion statement being made.

To appease the skeptics, you need to make a convincing case. The benefits should be unequivocal and communicated sympathetically.

2. Establish a firm and unambiguous policy for wearable tech that addresses data protection and privacy concerns.

This will govern what data is collected, how it is to be stored securely, what it will be used for, and exactly what insights that data will draw – e.g., don’t say you’re monitoring heart rates for health purposes when in actual fact you want to ensure your factory workers aren’t taking it too easy.

Do your due diligence on the technical aspects in order to properly ascertain:

  • the security of the device itself, including known vulnerabilities
  • the security surrounding the transfer of the information
  • the nature of the information being collected and to whom it will be transmitted
  • any emerging threats that might necessitate a technical or policy response

It is important to recognise – and to admit as such – that data breaches are likely and can be catastrophic. The challenge, then, is to develop and communicate a data policy that minimises the usefulness of that data to an outsider – from anonymising it to simply deleting that which no longer has any relevant use.

Preparing
for deployment

The advice to IT managers is to start preparing now for the call to deploy – because when that call arrives, the deadline for establishing a secure and robust technical infrastructure is likely to be tight. That needs to be in place first, so get ready to work out how to secure it. This will also ensure that you have the agility and scope to address unforeseen operational issues.

For those keen on adopting early, we recommend early interdepartmental discussions. This isn’t an issue just for IT. Head office, human resources, and policy will have distinct roles internally; externally, trade unions might be a valuable ally if your aim is to ensure worker safety.

The future
will be wearable

As we step tentatively into an era that will likely see a robotic cornucopia tending to us humans as comprehensively as a race car in the pit lane, we need to remember that technology can be our liberator and saviour, but only with sober stewardship. Preparedness and forward-thinking ought to preempt these easily-avoidable abuses.

Ultimately, when it comes to wearables, it will be the consumers of the technology that ultimately define how it is implemented. By understanding the risks and insisting on careful protocols, we can ensure that this time around, wearables will finally thrive.

 

 

Contributor

Andrew Gordon

Andrew Gordon is a partner in PwC’s Cyber Security practice in Melbourne.

More About Andrew Gordon