Preorders, try-on sessions, and in-store reservations for Apple’s smartwatch began on Friday. With some reports claiming that nearly a million of the devices were pre-ordered during the first days of sales, there’s a good chance that at least a few will be entering your organization in less than two weeks.
Although Apple Watch has gotten more attention than most smartwatches, it’s hardly alone. Pebble Time became the most well-funded Kickstarter campaign in history last month. There’s a fairly wide range of Android Wear watches on the market. Microsoft has stepped into the ring with its multi-platform Band. Samsung, Sony, and others have created their own independent smartwatch platforms. Fitbit has become a household name with devices like its Surge “super watch” that border on smartwatch capabilities, as do some other fitness trackers. You almost certainly have some employees wearing these devices to work on a daily basis already.
To one extent or another, these devices are capable to storing, transmitting, or displaying business content. That content may be something as simple as incoming calls, as on the Fitbit Surge, or it may be much more detailed in the form of emails, messages, calendar alerts, location data, and notifications from work-related apps. Even some enterprise apps may be transmitting content to smartwatches. Evernote is a commonly used business tool (albeit sometimes in a shadow IT context) and Salesforce is launching a range of enterprise-specific apps for Apple Watch.
The smartwatch is the next BYOD frontier and it ratchets up some of the BYOD challenges
That employees will be using smartwatches and other wearables in the workplace is a given. Many are likely to use them for at least some work-related tasks, particularly notifications. The devices will generally be employee-owned, making them the next BYOD device that you need to address.
There are, however, some added challenges when it comes to smartwatches and other wearables.
- These devices are even more personal than smartphones
- Many deliver health-focused features in addition to communication features
- There is a more diverse range of platforms than in the largely two player (iOS and Android) smartphone market
- The management capabilities are much less sophisticated for these new-to-market technologies
Blocking smartwatches is a non-starter
When employees started bringing their own technology into the workplace, be it in the form of smartphones, tablets, apps, or cloud services, the first impulse of many IT organizations was to try to block that technology. Although understandable, this approach was problematic and often ineffective. Workers found ways around those blocks, including using personal data plans and LTE networks instead of corporate Wi-Fi. This gave raise to the shadow IT phenomenon and caused IT to lose insight into and authority over workplace technology.
At present, there are few technical options for blocking smartwatches. As summarized by MobileIron Security Evangelist Mike Raggo, they’re generally limited to blacklisting the app that pairs a smartwatch to a phone (if possible) or disabling Bluetooth (in whole or in part). Neither is ideal. Both will likely encourage employees to un-enroll their devices from an EMM solution, causing IT to lose insight or control of those devices.
Disabling Bluetooth, particularly without explicit knowledge and consent of users, can also present a health and safety concern. Many people use Bluetooth-connected health devices to manage chronic diseases like heart disease and diabetes (the most extreme examples include connected insulin pumps and the so-called “artificial panaceas” that uses a Bluetooth phone to manage continuous insulin to continually regulate blood glucose in type 1 diabetics, where disabling Bluetooth could potentially be fatal). It also means removing the pairing with cars or hands-free devices for use while driving.
For some devices, this approach breaks down completely because they have an independent cellular connection and don’t rely on being paired with a phone in order to function or access the Internet.
The answer: policy updates and employee engagement
At present, the answer to the smartwatch challenge is centered on open communication, transparency, and working with employees. Much as shadow IT can provide a chance for IT to engage, learn, and ultimately advise workers on key security practices, the ideal approach to smartwatches focuses on the same principles.
- Work with HR and legal to update mobility and acceptable use policies to establish clear guidance and expectations about how smartwatches can be used in the workplace and spell out any consequences for a data breach related to them.
- Proactively communicate with users about the security risks associated with accessing corporate content on a smartwatch, wearable, or any sort of a paired device. Do this in an engaging and honest manner that acknowledges that there is business and productivity potential as well as significant personal uses for these devices.
- Ensure that users understand what data IT can and cannot access from their smartwatches or other wearable devices, either directly or through a managed phone with which they are paired. This builds a culture of trust around devices that contain health and other vital personal data and are now life-critical to many people.
- Actively solicit feedback and experiences about how these devices are being used (including information about specific devices and apps) to understand their potential as well as their risks. Use this information to create a two-way dialog.
- Provide regular advice about ways to use smartwatches to increase productivity as well as general tips, including those you learn from users. Also offer purchase/setup advice to employees considering or planning a smartwatch purchase. Use these communications to reiterate security concerns and related policies.
- If you have an employee engagement, training, or support initiative, particularly one modeled after Apple’s Genius bar concept, use it as a way to discuss and even demonstrate smartwatches and other wearables as well as to discuss security concerns and business use cases.
Ultimately the goal here, as is in other areas, is to establish IT as the trusted technology advisor to workers, managers, and the entire organization rather than being seen as an untrustworthy evil to be tolerated and worked around where possible. This has implications for smartwatches directly, but it also impacts the overall relationship of IT with the rest of the company. Indeed this is the ideal role for IT in virtually all areas of interaction.
Smartwatches are just the beginning
Smartwatches and wearables represent the next generation of BYOD, but other generations will follow them. The nascent Internet of Things promises to link smartphones with virtually every device in our homes. Our cars already pair with our phones for some basic features. Infotainment overlays like CarPlay and Android Auto will expand that. And some automakers have already announced models where Android itself is the infotainment system. Addressing smartwatches today helps create a framework for how you will address all of these technologies in the next few years.