Google Glass: Security Risk For Governments?

Google Glass lacks basic security measures such as passwords, which could make the device more of a risk than smartphones.

Jerry Irvine, Contributor

August 21, 2013

3 Min Read
InformationWeek logo in a gray background | InformationWeek

Hubble Telescope's New Images: Galaxies Through Time

Hubble Telescope's New Images: Galaxies Through Time


Hubble Telescope's New Images: Galaxies Through Time (click image for larger view)

Google Glass can be a tremendous addition to the workplace: an employee can read emails, talk on the phone and access the Internet -- all without typing on a keyboard or a phone's keypad. However, this device presents a number of risks for organizations, much like the risks of a smartphone -- but bigger. And next year when Google Glass becomes widely available, you can bet that employees will want to wear their devices to work.

Although Google Glass is garnering initial praise from public safety officials, governmental CIOs, CTOs and IT executives had better be ready.

Government IT professionals must keep in mind that Glass's inherently fast operating mode lacks one major component: security. There are no password requirements, pin number or touch pattern to complete like those available on smartphones.

[ Will there come a day we can't imagine living without Glass? Read Google Glass: Autocorrect For Your Life? ]

Therefore, if someone were to steal an employee's Glass, he would have quick and easy access to all of the information stored on the device, which is linked to that person's Google+ account and smartphone by default. It's like taking candy from a baby. A hacker would have complete access to all contacts, email accounts, passwords, personal pictures and videos, and much more.

This becomes more of a threatening issue if the Glass owner has stored work or government-related information on the device or if the Glass is connected to a government system. Like smartphone devices, Glass can be hacked whenever it is connected to public Wi-Fi -- because public Wi-Fi security is minimal, it can be easily bypassed. The same risk exists when Glass is connected to a secure network through a hotspot on a smartphone. Also, any viruses on a person's smartphone, computer or Glass can be easily transferred to the entire network, consequentially making the network vulnerable to more viruses and hackers.

Another concern for government organizations is the threat posed to intellectual property, financials and confidential communications by employees who own Glass. If policies allow for employees to wear Glass in the workplace, strict regulations will have to be made limiting use in certain areas or when handling certain information.

Basically it comes down to being knowledgeable of the risks. Government organizations need to be aware of the capabilities of Glass and all of the possible threats posed by the device depending on the specific organization. Due to the inconspicuous nature of the device, controlling the purposes for which wearers use Glass is difficult. At this point, the best line of defense for any governmental organization is to be aware and be ready. And the best way to be ready is to create a Google Glass policy before employees stroll in wearing their devices.

Ideally, a Glass policy will fit into an existing BYOD strategy. If an organization doesn't have a BYOD strategy, the emergence of Glass can be a compelling argument to get one in place. As part of a Glass policy, a government entity might:

-- Set limits for where and how the device can be used.

-- Create a data loss prevention plan to detect potential data breaches.

-- Create an employee policy for use of Google Glass in the workplace.

-- Maintain Google Glass and all computers, installing security updates and patches as they become available.

No matter what shape the final Glass policy takes, timing is the most critical component. Having a Glass strategy in place before the device's wide release is half the battle, and that's particularly important when the battle you're facing is ever-changing.

About the Author

Jerry Irvine

Contributor

Jerry Irvine is a member of the National Cyber Security Task Force and the CIO of Schaumburg, Ill.-based Prescient Solutions, an IT outsourcing firm.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights