Managing information security issues of wearable devices
Janatuinen, Julius (2019-06-07)
Managing information security issues of wearable devices
Janatuinen, Julius
(07.06.2019)
Lataukset:
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2019061220074
https://urn.fi/URN:NBN:fi-fe2019061220074
Tiivistelmä
Wearable devices are increasing in popularity every year, especially through devices like smartwatches and fitness trackers. These are the most common wearables at the moment, but wearables are a broad segment of different kinds of devices with many possibilities of enhancing individual and business processes. A wearable device is known as electronic components worn on your body or embedded in your clothes. Like other mobile devices, they do have information security risks and weaknesses. The problem is that they have not received proper recognition or a substantial amount of prior research, especially when compared to IoT devices or mobile phones. Wearables focus on specific things and data, which causes their own specific weaknesses and risks, alongside risks common to other mobile devices. The thesis starts with a literature review focusing on existing wearable information security literature and common knowledge about wearables required to understand wearable information security.
The research was done to provide organizations with risks and weaknesses of allowing or purchasing wearables for their company, the consequences of what could happen if these risks are ignored, and how an organization could prepare for these risks. Five different companies were interviewed, focusing on wearable manufacturing companies and information security companies, which had selected professionals with experience on this subject. The interviews were semi-structured, revolving around three different themes constructed from the research questions and existing wearable information security literature.
Wearables, from an information security point of view, could be called that they are all over the place, which means that there are high-risk devices and devices that have been made with information security in mind. Some manufacturers have focused on securing their applications and authentication methods. The individual nature of wearables makes them focused on the user, which makes awareness one of the key subjects to enhance their security. Wireless connections, person-specific data collection, and espionage capabilities are centered around the user. Organizations need to understand the use-cases for the wearable, before understanding what damage it could cause if the risks were abused. For now, the problem is that cases of wearables being infiltrated are scarce, mainly because ways to monetize them have yet to be discovered, but as wearables progress and differentiate we could see cases become more popular. Today's wearables could be considered safe enough to use as long as the proper procedures and enhancements mentioned in this thesis are followed.
The research was done to provide organizations with risks and weaknesses of allowing or purchasing wearables for their company, the consequences of what could happen if these risks are ignored, and how an organization could prepare for these risks. Five different companies were interviewed, focusing on wearable manufacturing companies and information security companies, which had selected professionals with experience on this subject. The interviews were semi-structured, revolving around three different themes constructed from the research questions and existing wearable information security literature.
Wearables, from an information security point of view, could be called that they are all over the place, which means that there are high-risk devices and devices that have been made with information security in mind. Some manufacturers have focused on securing their applications and authentication methods. The individual nature of wearables makes them focused on the user, which makes awareness one of the key subjects to enhance their security. Wireless connections, person-specific data collection, and espionage capabilities are centered around the user. Organizations need to understand the use-cases for the wearable, before understanding what damage it could cause if the risks were abused. For now, the problem is that cases of wearables being infiltrated are scarce, mainly because ways to monetize them have yet to be discovered, but as wearables progress and differentiate we could see cases become more popular. Today's wearables could be considered safe enough to use as long as the proper procedures and enhancements mentioned in this thesis are followed.