When it comes to wearable device security, traditional "castle and moat" measures won't cut it, said Brian Laughlin, technical fellow, strategic technical planning and IT architecture at Boeing.
Laughlin sat down with SearchCIO at the recent Enterprise Wearable Technology Summit in Boston to discuss the increased vigilance needed in wearable device security due to an ever-growing list of potential attack vectors.
He suggests that part of the solution is to approach security differentially by creating different security levels and classifications for various assets.
What kind of privacy and security concerns do you see stemming from wearable device use?
Brian Laughlin: [The wearable device security concerns] are huge.
It's funny because, in the past, security has always been about basically building a big castle and digging a really deep moat around it. That has generally been our approach.
For example, we'll take the Target breach -- the way that that actually occurred was an HVAC company was doing work at Target and the vector was actually getting in through the HVAC company. Then they made their way through the network to the credit card machines and the next thing you know, we've compromised a whole lot of customers' information.
When we're talking about aircraft and fields like medicine, we have to be vigilant because if we make a mistake, there are a lot of lives on the line and we simply cannot afford that.
We have to make sure that we understand what the nature of the problem is and then make sure we're looking at all the different potential attack vectors. The front door isn't going to be the problem; it's going to be that window that you didn't know was open.
We have to make sure that we really understand and protect against all the potential myriad ways that [wearables] could be attacked. One of the things that we're trying to do that's a little bit different is, as we start to understand security a little better, we're protecting assets differentially.
Again, in the past, we kind of dug a deep moat around the big castle. The problem is that once you get across that moat, then everything's open. In the same way that you wouldn't put your best glasses in the safe in your bedroom, we're trying to start to segregate and divide up the different security levels and make sure that they're appropriate for the different kinds of assets that we have.