Key Points
- Wearables in Enterprise Mobility: Consumer wearable devices, such as smartwatches, have become more common among enterprise employees.
- BYOD Coverage: BYOD typically only covers laptops, tablets, and phones, but may extend to wearables by providing a definition of acceptable wearables and usage, adding relevant clauses specific to wearable devices, and managing visibility and control challenges.
- Wearables and IoT Devices: Wearables and IoT devices share similarities such as embedded OS, continuous sensor data collection, and limited enterprise configuration interfaces; aligning wearable governance and IoT management strategies is therefore beneficial.
Wearables are a huge part of enterprise mobility, as smartwatches, fitness trackers, smart glasses, and other connected devices are becoming more common among employees. While most organizations employ comprehensive BYOD policies, they don’t really cover devices beyond laptops and mobile devices.
This guide provides suggestions on governing wearable devices when viewed through the lens of enterprise governance rather than product novelty.
Why manage wearables in an environment with a BYOD policy
BYOD policies typically focus on laptops, tablets, and phones. As wearables become more prevalent, including them in such policies becomes more crucial. This is because wearables extend your network’s footprint whenever the following occurs:
- A managed smartphone pairs with a wearable device (e.g., smartwatch)
- A wearable gains access to corporate notifications
- A wearable device collects and syncs sensitive data
- The wearable connects onward to other networks via Bluetooth or Wi-Fi
If wearables are left out of scope, organizations can overlook devices that interact with their enterprise systems.
Understanding the security exposure points of wearable devices
Wearable devices often introduce risks in the form of exposure points. This is because, unlike other endpoints, many wearables lack robust enterprise-grade authentication, encryption management, or logging capabilities.
Examples of these exposure points include:
- Notification mirroring that reveals corporate content
- Health and biometric data tied to enterprise wellness programs
- Bluetooth broadcasting that may be intercepted
- Third-party apps that sync wearable data to external services
Including wearable devices in your BYOD policy
Wearables were originally meant for consumer use, not enterprise-level usage. This is why managing wearables relies more on indirect controls such as companion device policies and network segmentation. However, with the expanding use of wearables in the workplace, including them in an organization’s BYOD policy is critical for maintaining compliance and ensuring security.
To do so, organizations should take the following actions:
Define acceptable wearables and interactions
Not all wearables are appropriate for enterprise use. This is why it becomes necessary to define the following:
- Categories of permitted wearables
- Access to corporate Wi-Fi
- Governance of apps paired with wearables
- Monitoring or logging requirements
Address the usage of wearables in BYOD and other relevant policies
Wearable governance should be clearly stated in an organization’s BYOD policy to reduce ambiguity for both auditors and users. Aside from your BYOD policy, wearable governance should also be addressed in:
- Acceptable use policies
- Data classification frameworks
- Network access rules
Manage visibility and control challenges
Many wearables connect through companion mobile applications, so they are only indirectly visible. In turn, this means that these devices aren’t independently manageable.
To work around this, organizations should reduce their blind spots through methods such as:
- Enforcement of mobile app governance policies
- Restriction of certain Bluetooth profiles
- Segmentation of wearable traffic from sensitive networks
- Use of conditional access based on device posture
These methods extend visibility beyond physical hardware and include the data paths for wearable devices.
Wearables in the context of IoT device management
Internet of Things (IoT) device management refers to the processes used to manage IoT devices. Wearables and IoT devices share many similarities, such as:
- Embedded operating systems
- Continuous sensor data collection
- Limited enterprise configuration interfaces
However, wearables are not typically considered IoT devices. That being said, organizations benefit from aligning their wearable device management strategy with their IoT device management strategy. This means that both should have segmentation, minimal access exposure, and lifecycle tracking to maintain data security.
Common misconceptions about wearable devices in enterprise environments
Wearables are harmless consumer gadgets
Wearables that are connected to your organization’s network can still expose enterprise notifications and sync sensitive data. They therefore remain a source of exposure.
BYOD policies automatically cover wearables
Most BYOD policies cover laptops, tablets, and phones, but do not explicitly include wearable devices as part of their scope. Without this clear inclusion, a BYOD policy remains vague and may be difficult to enforce.
Wearables only affect mobile device teams
While wearables have an obvious impact on mobile device teams, those teams aren’t the only ones affected by wearable usage. Security, compliance, and network teams must also account for wearable risk.
Strengthen BYOD policies with wearable device governance
Wearable devices represent an emerging extension of the enterprise endpoint ecosystem. While they offer productivity and innovation benefits, they also introduce new governance considerations. By formally incorporating wearables into BYOD, IoT, and endpoint management policies, organizations reduce blind spots and strengthen their overall security posture.