Slashdot Mirror

← Back to Stories (view on slashdot.org)

Always-Listening IoT Devices Raise Security Policy Questions For the Workplace (securityweek.com)

Posted by timothy on from the meet-your-new-conference-bridge dept.

wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated. He uses an example of the Amazon Echo which is "always listening" and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent. "How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn't be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who's addressing all the other gadgetry?"

6 of 152 comments (clear)

  1. Simple.... by bev_tech_rob · · Score: 4, Insightful

    You don't allow it.......

    --
    You're messin' with my Zen Thing, man.....
    1. Re:Simple.... by Anonymous Coward · · Score: 2, Insightful

      Good luck telling someone they can't wear a watch.

  2. They were too busy asking themselves if they could by 0xdeaddead · · Score: 3, Insightful

    And not asking if they should

  3. Why are people accepting this? by gstoddart · · Score: 4, Insightful

    I don't get all of this, and frankly it's a little creepy.

    From Barbies which upload everything your child says to a server, to XBox units which send everything in your living to Microsoft, to whatever the hell an Amazon Echo is ... why the hell are people willing to accept something around them which is always listening, and always uploading everything you say to the internet?

    You want one of these things in your home, go right a head, that is your choice. But bringing shit like this into an office where it affects other people? That should be against a lot of corporate policies -- and in a lot of workplaces probably violates some legal requirements.

    I trust neither the competence, security practices, or behavior of these companies. They don't give a crap about you or your security, they care about monetization and analytics ... which means I assume anything written by Amazon like this is at least some fraction intended to line of the pockets of a corporation.

    You bring stuff like this into a workspace, and you should expect someone is going to be pretty pissed off that they're included in this without their consent.

    Keep your shiny baubles which violate your own privacy the hell home -- the workplace is NOT a place where everyone is willing to consent to the terms of service of Amazon just because some ass got a shiny toy for Christmas.

    --
    Lost at C:>. Found at C.
    1. Re:Why are people accepting this? by Simulant · · Score: 3, Insightful

      And then there's your cell phone....

    2. Re:Why are people accepting this? by geekmux · · Score: 4, Insightful

      I don't get all of this, and frankly it's a little creepy.

      From Barbies which upload everything your child says to a server, to XBox units which send everything in your living to Microsoft, to whatever the hell an Amazon Echo is ... why the hell are people willing to accept something around them which is always listening, and always uploading everything you say to the internet?

      Because the price of privacy (which is unproven until someone sees the evidence in their own bank accounts) doesn't even hold a candle to the price of "convenience", and speaking to control a computer (only something we've fantasized about in movies for half a damn century now) is somehow infinitely better than actually having to lift fingers and depress a touch screen.

      You want one of these things in your home, go right a head, that is your choice. But bringing shit like this into an office where it affects other people? That should be against a lot of corporate policies -- and in a lot of workplaces probably violates some legal requirements.

      Feel free to convince said consumer that talking into their watch (or vice versa) is somehow affecting other people. Sure, I get it from a security standpoint, but the other 99% of society who doesn't get paid to think about such concerns doesn't give a shit about it, and therefore will not even acknowledge it to be a problem to solve.

      I trust neither the competence, security practices, or behavior of these companies. They don't give a crap about you or your security, they care about monetization and analytics ... which means I assume anything written by Amazon like this is at least some fraction intended to line of the pockets of a corporation.

      You bring stuff like this into a workspace, and you should expect someone is going to be pretty pissed off that they're included in this without their consent.

      Keep your shiny baubles which violate your own privacy the hell home -- the workplace is NOT a place where everyone is willing to consent to the terms of service of Amazon just because some ass got a shiny toy for Christmas.

      With always-on Internet connections in every employee pocket (cell phone), coupled with WiFi/Bluetooth/next-gen wireless tech, good luck "securing" the workplace. The primadonnas will speak loudly in their "defense".

      You've also got the industry to fight too. We tried to enforce a policy that prohibited any cellular device from merely having a camera, to include corporate-issued devices. That didn't even work with the hardware vendor for longer than about a year or two.