Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1Wearable Technology – Security Considerations
Paula E. Skokowski, CMO, Accellion
The European Information Security Summit...
2Wearable Technology – Security Considerations
Introduction – Accellion Background
2,000+ 12M+Enterprise customers Users C...
3Wearable Technology – Security Considerations
Introudction - Accellion Customer Highlights
4Wearable Technology – Security Considerations
kiteworks by Accellion – Secure Mobile Content Platform
Securely Connecting...
5Wearable Technology – Security Considerations
Wearables - What Are We Talking About?
6Wearable Technology – Security Considerations
Types of Wearable Devices
Fitness Trackers
Smart Clothing Google Glass
Virt...
7Wearable Technology – Security Considerations
Wearables and the Premier League - Viper
8Wearable Technology – Security Considerations
Wearables in the Enterprise – Improving Productivity
9Wearable Technology – Security Considerations
Use Case: Google Glass Emergency Room App
10Wearable Technology – Security Considerations
“Working From Home”
11Wearable Technology – Security Considerations
Working – “Away From My Desk”
12Wearable Technology – Security Considerations
Working - “Out of Office”
13Wearable Technology – Security Considerations
“Out of Office” - But Still Productive
14Wearable Technology – Security Considerations
Smart Wearable Electronics Projected Growth
Gartner
Over 200 Million Weara...
15Wearable Technology – Security Considerations
Wearables – Leveraging New Mobile Features
New Mobile Features
• Accelerom...
16Wearable Technology – Security Considerations
Wearables – Introducing New Security Risks
 Enable unauthorized access an...
17Wearable Technology – Security Considerations
Wearables – Introducing New Privacy Risks
Direct Collection of Sensitive P...
18Wearable Technology – Security Considerations
Data Minimization
Wearables and IoT pose additional risk from expansive
co...
19Wearable Technology – Security Considerations
Wearables Information Data Leakage
Common Sources
 No IT Management or Ov...
20Wearable Technology – Security Considerations
Wearables – Information Security
21 43 5
Wearable
Devices
Bluetooth
Commun...
21Wearable Technology – Security Considerations
Wearables Information Security
1. Wearable Devices
2. Bluetooth Communicat...
22Wearable Technology – Security Considerations
Wearables Information Security
1. Wearable Devices
2. Bluetooth Communicat...
23Wearable Technology – Security Considerations
Wearables Information Security
1. Wearable Devices
2. Bluetooth Communicat...
24Wearable Technology – Security Considerations
Wearables Information Security
1. Wearable Devices
2. Bluetooth Communicat...
25Wearable Technology – Security Considerations
Wearables Information Security
1. Wearable Devices
2. Bluetooth Communicat...
26Wearable Technology – Security Considerations
4 Best Practices for Wearable Information Security
1Design in
Security
2 P...
27Wearable Technology – Security Considerations
Best Practice 1 – Design in Security
 Minimize the data collected and ret...
28Wearable Technology – Security Considerations
Best Practice 2 – Security Training
 Employees are unaware of security ri...
29Wearable Technology – Security Considerations
Best Practices 3 – Implement Defense-in-Depth
 Implement security at mult...
30Wearable Technology – Security Considerations
Best Practice 4 – Monitor Devices
 Track and report all activities in aud...
31Wearable Technology – Security Considerations
Regulations In the Works
Europe’s Article 29 Working Group (September 2014...
32Wearable Technology – Security Considerations
Thank You
For more information
www.accellion.com
Upcoming SlideShare
Loading in …5
×

Accellion - The European Information Security Summit, London

1,421 views

Published on

Accellion presentation from The European Information Security Summit.

Case study: What are the security ramifications of
wearable technology? Entering the world of BYOE
• Understanding the risks of connecting wearable
devices to sensitive data without secure solutions
• Consequences of WYOD integration into BYOD
Presented by: Paula Skokowski, CMO, Accellion, USA

Published in: Technology
  • Be the first to comment

Accellion - The European Information Security Summit, London

  1. 1. 1Wearable Technology – Security Considerations Paula E. Skokowski, CMO, Accellion The European Information Security Summit, London, Feb 2015 Wearable Technology - Security Considerations
  2. 2. 2Wearable Technology – Security Considerations Introduction – Accellion Background 2,000+ 12M+Enterprise customers Users Customers in more than countries renewal rate 115% 57 100,000+users at Verizon Headquarters Palo Alto, California Regional Headquarters London, Australia Largest deployment Securely Connecting Today’s Mobile Workforce with Enterprise Content
  3. 3. 3Wearable Technology – Security Considerations Introudction - Accellion Customer Highlights
  4. 4. 4Wearable Technology – Security Considerations kiteworks by Accellion – Secure Mobile Content Platform Securely Connecting Today’s Mobile Workforce With Enterprise Content Secure Mobile Content Platform Enabling Employees to Work Securely Wherever on Any Device, Smartphone, Tablet, Laptop, Wearable
  5. 5. 5Wearable Technology – Security Considerations Wearables - What Are We Talking About?
  6. 6. 6Wearable Technology – Security Considerations Types of Wearable Devices Fitness Trackers Smart Clothing Google Glass Virtual RealitySmart Watches Not Just for Humans
  7. 7. 7Wearable Technology – Security Considerations Wearables and the Premier League - Viper
  8. 8. 8Wearable Technology – Security Considerations Wearables in the Enterprise – Improving Productivity
  9. 9. 9Wearable Technology – Security Considerations Use Case: Google Glass Emergency Room App
  10. 10. 10Wearable Technology – Security Considerations “Working From Home”
  11. 11. 11Wearable Technology – Security Considerations Working – “Away From My Desk”
  12. 12. 12Wearable Technology – Security Considerations Working - “Out of Office”
  13. 13. 13Wearable Technology – Security Considerations “Out of Office” - But Still Productive
  14. 14. 14Wearable Technology – Security Considerations Smart Wearable Electronics Projected Growth Gartner Over 200 Million Wearable Units by 2018
  15. 15. 15Wearable Technology – Security Considerations Wearables – Leveraging New Mobile Features New Mobile Features • Accelerometer • Ambient light sensor • Barcode scanning • Bluetooth • Camera • Compass • Face recognition • Gestures • GPS • Gyroscope • Multi-touch interaction • Near-field communication • Proximity sensor • Speech recognition • Touch interface • Video in/out • Voice output New Applications • Secure Image Capture • Hands-free workflow • Signature Capture • Field Measurements • Geo-location • Telemedicine • Field Troubleshooting • ….
  16. 16. 16Wearable Technology – Security Considerations Wearables – Introducing New Security Risks  Enable unauthorized access and misuse of sensitive information  Misuse of video and image capture for invasion of privacy  Use of personal data (PHI) to determine health coverage, credit or employment decisions  Facilitate attacks on other systems  A compromised device could launch a denial of service attack, or send malicious emails  Create risks to personal safety  An attacker could hack into a medical device that delivers insulin and change the settings for delivery of medicine.  Unauthorized access to video or internet connected cameras could jeopardize individual safety
  17. 17. 17Wearable Technology – Security Considerations Wearables – Introducing New Privacy Risks Direct Collection of Sensitive Personal Information  Precise geo-location  Financial account numbers  Health information (PHI) Collection of Inferred Personal Information & Behavior  Habits  Stress Levels  Location  Personality Type  Sleep patterns  Happiness
  18. 18. 18Wearable Technology – Security Considerations Data Minimization Wearables and IoT pose additional risk from expansive collection and retention of data. Just because you can collect data doesn’t mean you should  Collect “just enough” data  Limit collection of data  Retain data for only a set period of time  De-identify data collected  Reveal Data Sharing
  19. 19. 19Wearable Technology – Security Considerations Wearables Information Data Leakage Common Sources  No IT Management or Oversight  Lost/Stolen Devices  No PIN Protection  No Encryption  Use of Unapproved Apps  Use of Public Cloud File Sharing Services
  20. 20. 20Wearable Technology – Security Considerations Wearables – Information Security 21 43 5 Wearable Devices Bluetooth Communication Cloud Services Mobile Apps Wifi Communication Image Source: Gartner
  21. 21. 21Wearable Technology – Security Considerations Wearables Information Security 1. Wearable Devices 2. Bluetooth Communication 3. Mobile App 4. Wifi communication 5. Cloud services Security Concerns  Unauthorized Video and Image Capture  Mis-use of Lost and Stolen Devices 1 1
  22. 22. 22Wearable Technology – Security Considerations Wearables Information Security 1. Wearable Devices 2. Bluetooth Communication 3. Mobile App 4. Wifi communication 5. Cloud services Security Concerns  Many wearables use BTLE (Bluetooth Low Energy)  Bluetooth 4.0 includes encryption 22
  23. 23. 23Wearable Technology – Security Considerations Wearables Information Security 1. Wearable Devices 2. Bluetooth Communication 3. Mobile Device and App 4. Wifi communication 5. Cloud services Security Concerns  Does the mobile app include a secure container for stored data?  Is data stored encrypted?  Can the mobile device be remote wiped?  Is the device PIN password protected?  Is MDM in place? 3 3
  24. 24. 24Wearable Technology – Security Considerations Wearables Information Security 1. Wearable Devices 2. Bluetooth Communication 3. Mobile Device and App 4. Wifi communication 5. Cloud services Security Concerns  Is data encrypted in transit?  Does the app communicate over https? 4 4
  25. 25. 25Wearable Technology – Security Considerations Wearables Information Security 1. Wearable Devices 2. Bluetooth Communication 3. Mobile Device and App 4. Wifi communication 5. Cloud services Security Concerns  Is data stored in multiple clouds?  Is data stored encrypted?  Who is data shared with?  Does the user opt-in for use of services? 5 5
  26. 26. 26Wearable Technology – Security Considerations 4 Best Practices for Wearable Information Security 1Design in Security 2 Provide Security Training 3Employ Defense-in- Depth 4 Monitor Security
  27. 27. 27Wearable Technology – Security Considerations Best Practice 1 – Design in Security  Minimize the data collected and retained  Use smart defaults  Secure the backend data storage  Test security measures Secure Mobile Container  Image upload directly from the camera – bypass camera roll  Store data in the secure container for offline access  6 digit PIN to access downloaded files/data for offline access
  28. 28. 28Wearable Technology – Security Considerations Best Practice 2 – Security Training  Employees are unaware of security risks  Incorporate BYOW into BYOD policy  Train all employees  Retain service providers that meet security standards
  29. 29. 29Wearable Technology – Security Considerations Best Practices 3 – Implement Defense-in-Depth  Implement security at multiple levels  Encrypt data in transit and at rest  Require user authentication – including 2FA Enterprise Grade Encryption  256-bit AES encryption for data-at-rest.  SSL encryption for data-in-motion and file upload/download  Authenticate via LDAP, SSO with SAML/OAuth/Kerberos
  30. 30. 30Wearable Technology – Security Considerations Best Practice 4 – Monitor Devices  Track and report all activities in auditable logs  Consider information security over lifetime of the device  Be cognizant of industry and government regulations ie HIPAA Admin Controls  Whitelist Apps - control which apps can open data.  Selective Remote Wipe – for lost/stolen devices.  Control View/Edit mode for users based on security policy.  Activity Logs - for full audit trail.
  31. 31. 31Wearable Technology – Security Considerations Regulations In the Works Europe’s Article 29 Working Group (September 2014)  Data protection authorities of EU member countries issued an Opinion on Recent Developments on the Internet of Things “user must remain in complete control of their personal data throughout the product lifecycle, and when organizations rely on consent as a basis for processing, the consent should be fully informed, freely given and specific.” oneM2M global standards body (August 2014)  Released a proposed security standard for IoT devices  Addresses authentication, identity management and access control EU General Data Protection Regulation
  32. 32. 32Wearable Technology – Security Considerations Thank You For more information www.accellion.com

×