Bring your own device - a concern for organizations? : A thesis about tech organizations awareness and management of smartwatches

Abstract: With 5G around the corner and an overall increase in a faster and more stable internet connection, the future of Internet of Things (IoT) looks bright. There is a steady increase in the development of IoT devices, such as the smartwatch, and a high increase in usage of IoT, both by organizations and private citizens. Organizational managing of a smartwatch falls under the “Bring your own device” (BYOD) policy which allows employees to do work on their private devices. It appears to be a lack of knowledge in organizations on how to manage IoT devices both regarding policies and technical IT security. There has been an increase in malware attacks against IoT devices, and compromised smartwatches could be used to gain unauthorized access to organizations’ networks. The smartwatch is a common and powerful IoT device and will be used as an example in this thesis which purpose is to examine how organizations’ perceive and manage IoT devices, focusing on the smartwatch in order to gain insight regarding whether IoT devices such as the smartwatch is an area of concern within organizations. To understand the smartwatch, understanding IoT first will be important. The literature review delves into both IoT and smartwatch functionality and security. It looks at the BYOD policy and technical IT security solutions regarding the smartwatch. The review pointed to there being IT security issues with smartwatches and that implementing a BYOD policy increases productivity but increases the risk of malware attacks from and against the allowed devices. To fulfill the thesis purpose, qualitative interviews with high ranking IT security personnel at tech organizations were performed, thematized, and analyzed. The most prominent results are discussed; if the smartwatch is a threat and possible technical solutions for prevention, the organizations customer businesses IT security level, and BYOD policy. The results from the thesis showed that the organizations had a high awareness of the smartwatch and the IT security risks brought with it. They all had BYOD policies to restrict/limit access for the smartwatch’s access to their internal networks and a set of technical solutions to prevent breaches in the IT infrastructure and to detect if there had been a breach. The informants claimed that their organizations’ awareness regarding the smartwatch and the concerning IT security was higher than many of their customer businesses, which makes for an interesting subject for future research. How can these organizations reach the same level of awareness?