The advantages of using augmented reality solutions are obvious. With the help of wearables, employees can carry out their work faster, more flexibly and more securely, are proven to make fewer mistakes and are more satisfied at work. As the name suggests, smart glasses only work when they are recording data. Therefore, the security of such data is a major issue for all companies that use AR solutions.
Table of Contents
Choice And Management Of The Solution
When selecting the solution, companies should pay attention to which features it brings with it. Some points are of different importance depending on the company and area of application, and others should always be included.
For example, it makes sense to delete data on the wearable remotely, locally and automatically if the device is stolen or lost. A root of trust, i.e. a security reference, as the basis for all security operations of the system should also be available and supported by the firmware or the operating system. Last but not least, regular software updates and integrated anti-virus software are essential to ensure recorded data security.
Encryption of the data and the network connections that are established via the wearables is also essential. Photos or video sequences are often sensitive data that are better protected in encrypted form. But it is also important to ensure that you generate as little sensitive and personal data as possible – a point that every individual can put into practice.
With the help of anti-manipulation mechanisms, it is possible to avoid uncontrolled checks or changes to the hardware by third parties. For example, users can decide for themselves whether to open exposed connections such as USB ports. These are sometimes designed to be permanently open at the factory to facilitate connections. Here, too, the individual requirements for the solutions in the company must be taken into account, and the devices must be adapted accordingly.
AREA’s AR Security Framework
The Augmented Reality for Enterprise Alliance (AREA) has developed a framework in which the secure implementation of AR solutions in the IT infrastructure of companies is described using three phases. These phases are identifying relevant security requirements, creating and evaluating a security design, and testing the infrastructure using active attacks. Any company that wants to implement AR-based solutions can use this framework to identify its own IT security requirements in advance and to check the security design that has been developed.
Holistic IT Security Strategy
A final aspect relates to a company’s strategy to ensure data security. The overriding IT security should be discussed and negotiated at the management level, if possible, together with the CISO (Chief Information Security Officer). Assessments and measures to ensure data security must also be explained to all employees to ensure a smooth process when using AR solutions. Regular security training courses for employees are also important to remind them of the importance of IT security at all times, refresh security practices that have been learned, and share new findings.