Ubimax, 23 July 2020
The advantages of using augmented reality solutions are more than evident. Employees can perform their work faster, more flexibly and safely with wearables. They provably make less mistakes and are more satisfied at work. However, as the name already says, smart glasses only work by recording and processing data. The security of the data is therefore a major issue for all companies using AR solutions.
A 2018 study by IDC Central Europe GmbH showed that only 58 percent of the 230 German organizations surveyed had implemented a central information security strategy. Reason enough to take a closer look at the security of data collected by wearables and to note what needs to be considered in this regard. In the following, we have compiled five tips on this topic.
Already when choosing the solution, one should pay attention to the features it offers. Depending on the company and range of application, some points are of varying importance, others should be included in any case. For example, it is useful to be able to delete data on the wearable remotely, locally, and automatically should the device be stolen or lost. A root of trust, a security reference, as the basis for all secure operations of the system should also be implemented and supported by the firmware or operating system. Last but not least, regular software updates as well as an integrated anti-virus software are indispensable to ensure the security of the recorded data.
The encryption of the data and the network connections that are established via the wearables is essential as well. Photos or video sequences are often sensitive data which are better protected in encrypted form. However, it is also important to ensure that as little sensitive and personal data as possible are generated – a point everyone can put into practice.
With the help of anti-manipulation mechanisms, it is possible to avoid uncontrolled checks or changes to the hardware by third parties. The users can for example decide themselves when to open exposed ports such as USB ports. These are sometimes designed permanently open by the manufacturer to facilitate connections. So here, too, the individual requirements of the solutions in the company must be taken into account, and the devices must be adapted accordingly.
The Augmented Reality for Enterprise Alliance (AREA) has developed a framework in which the secure implementation of AR solutions in the IT infrastructure of companies is described using three phases. These phases are the identification of relevant security requirements, the creation and evaluation of a security design, and penetration tests of the infrastructure. This framework can be used by each company considering implementing AR solutions to identify their own IT security requirements in advance and check the developed security design.
A last aspect deals with the strategy of companies to ensure data security. The overall IT security should be discussed and negotiated at management level, if possible, together with the CISO (Chief Information Security Officer). Assessments and measures to ensure data security must also be explained to all employees in order to ensure a smooth process when using AR solutions. Security training for employees on a regular basis is important to always remind them of the importance of IT security, refresh learned security practices and share new insights.
There are several things to consider when selecting the appropriate AR platform, but care must also be taken when handling the solutions and during their active use. The important thing is: data security is everybody’s business! If this is taken into account, AR solutions can improve the work of frontline workers in the long term.