Mobile
Commentary
8/21/2013
01:30 PM
Jerry Irvine
Jerry Irvine
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Google Glass: Security Risk For Governments?

Google Glass lacks basic security measures such as passwords, which could make the device more of a risk than smartphones.

Hubble Telescope's New Images: Galaxies Through Time
Hubble Telescope's New Images: Galaxies Through Time
(click image for larger view)
Google Glass can be a tremendous addition to the workplace: an employee can read emails, talk on the phone and access the Internet -- all without typing on a keyboard or a phone's keypad. However, this device presents a number of risks for organizations, much like the risks of a smartphone -- but bigger. And next year when Google Glass becomes widely available, you can bet that employees will want to wear their devices to work.

Although Google Glass is garnering initial praise from public safety officials, governmental CIOs, CTOs and IT executives had better be ready.

Government IT professionals must keep in mind that Glass's inherently fast operating mode lacks one major component: security. There are no password requirements, pin number or touch pattern to complete like those available on smartphones.

[ Will there come a day we can't imagine living without Glass? Read Google Glass: Autocorrect For Your Life? ]

Therefore, if someone were to steal an employee's Glass, he would have quick and easy access to all of the information stored on the device, which is linked to that person's Google+ account and smartphone by default. It's like taking candy from a baby. A hacker would have complete access to all contacts, email accounts, passwords, personal pictures and videos, and much more.

This becomes more of a threatening issue if the Glass owner has stored work or government-related information on the device or if the Glass is connected to a government system. Like smartphone devices, Glass can be hacked whenever it is connected to public Wi-Fi -- because public Wi-Fi security is minimal, it can be easily bypassed. The same risk exists when Glass is connected to a secure network through a hotspot on a smartphone. Also, any viruses on a person's smartphone, computer or Glass can be easily transferred to the entire network, consequentially making the network vulnerable to more viruses and hackers.

Another concern for government organizations is the threat posed to intellectual property, financials and confidential communications by employees who own Glass. If policies allow for employees to wear Glass in the workplace, strict regulations will have to be made limiting use in certain areas or when handling certain information.

Basically it comes down to being knowledgeable of the risks. Government organizations need to be aware of the capabilities of Glass and all of the possible threats posed by the device depending on the specific organization. Due to the inconspicuous nature of the device, controlling the purposes for which wearers use Glass is difficult. At this point, the best line of defense for any governmental organization is to be aware and be ready. And the best way to be ready is to create a Google Glass policy before employees stroll in wearing their devices.

Ideally, a Glass policy will fit into an existing BYOD strategy. If an organization doesn't have a BYOD strategy, the emergence of Glass can be a compelling argument to get one in place. As part of a Glass policy, a government entity might:

-- Set limits for where and how the device can be used.

-- Create a data loss prevention plan to detect potential data breaches.

-- Create an employee policy for use of Google Glass in the workplace.

-- Maintain Google Glass and all computers, installing security updates and patches as they become available.

No matter what shape the final Glass policy takes, timing is the most critical component. Having a Glass strategy in place before the device's wide release is half the battle, and that's particularly important when the battle you're facing is ever-changing.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rob Berra
50%
50%
Rob Berra,
User Rank: Apprentice
10/3/2013 | 2:24:01 PM
re: Google Glass: Security Risk For Governments?
It's not "pin number," it's "PIN." Stands for "Personal Identification Number." So "pin number" would be "Personal Identification Number number."
ITPolicy Guy
50%
50%
ITPolicy Guy,
User Rank: Apprentice
9/4/2013 | 6:11:08 PM
re: Google Glass: Security Risk For Governments?
I have found the biggest problem with BYOD is what do you do if a personal device is compromised? Wiping the device is not an option, especially because of the personal info on it. You can leave it up to the individual to clean, but how many people would know if it was properly cleaned. Not allowing a compromised device then means the person can't work and if he/she is teleworking, their productivity is now 0 until the device is clean.
Glass seems like it will be an even bigger headache because of the significantly higher chance of information being stolen/compromised just because someone is looking at a desk with sensitive information and malware on the device allows a hacker to take pictures of everything the person looks at.
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Author
8/26/2013 | 6:54:11 PM
re: Google Glass: Security Risk For Governments?
An issue I've come across with BYOD is all the red tape surrounding personal device use. The added security makes personal device use clumsy and time consuming and actually discourages its use. It becomes easier to use the company issued device and leave the personal one behind. If the Glass security measures are too cumbersome, will it be worth it to use Glass at all in the workplace?
WKash
50%
50%
WKash,
User Rank: Author
8/22/2013 | 8:30:32 PM
re: Google Glass: Security Risk For Governments?
Interesting idea. One of the challenges for federal agencies with Android is dealing with so many configurations. There has been some movement to establish some standardization, but it seems like a lot of duplicative effort going on as each agency would need to certify the security credentials.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
8/22/2013 | 8:03:21 PM
re: Google Glass: Security Risk For Governments?
I think we'd benefit from a standardized way of configuring device policies, similar to the way Android handles permissions. Then it would just be a matter of ensuring that devices were compliant with policy controls. It would be useful outside of business settings too, as in a movie theater that broadcast a ringer_volume = 0 policy to active mobile phones.
WKash
50%
50%
WKash,
User Rank: Author
8/22/2013 | 2:26:02 PM
re: Google Glass: Security Risk For Governments?
Google Glass is another example of why we need better solutions for authenticating users and securing data rather than managing security on devices.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.