Four ways to secure
customer data
in wearable technology

The wearable market is forecast to grow to more than $118 billion by 2028, which isn't surprising considering how ubiquitous these devices have become in the fitness and healthcare space.

But even with the huge demand, consumers are also wary of the collection of customer data, which makes it crucial for manufacturers to ensure wearable devices are as secure as possible. Developers and designers can enhance the security of wearable technology in several ways—and it all starts at the beginning of the development process.

Better protecting customer data starts well before a consumer receives a wearable device they've purchased—whether it's a fitness tracker, blood pressure monitor or heart rate monitor. Implementing what's known as a development security operations approach (DevSecOps) is one way companies can prioritize security in the design process.

To ensure security is integrated into the design and development process at the outset, many organizations have adopted a DevSecOps approach. This helps to ensure development, security and operations teams are working more collaboratively throughout the application development lifecycle and that they create an end product that effectively balances security and performance.

With this approach, security is treated as a shared responsibility, allowing cross-functional teams to identify potential vulnerabilities earlier in the development process without compromising their agility, so applications still get to market and in front of consumers in a timely way.

While not every company may fully integrate a DevSecOps approach, it's important they embrace a security-first development model where the wearable technology they create is inherently secure by design. When a wearable device is secure by design, it features several foundational security capabilities. Some of these core capabilities include automated patching, such as firmware and software updates that can help to address security vulnerabilities in a more responsive way. Customer data—specifically passwords, IDs and PINs—also should be encrypted at rest and in transit, providing more robust defenses when this information is transferred from one wearable technology to another or to a centralized database or platform for further analysis.

The threat landscape for wearable technology is constantly evolving, as hackers devise new and clever ways to infiltrate systems using technologies like artificial intelligence and machine learning. In response, companies should conduct regular vulnerability and penetration testing to address previously unknown and emerging security gaps. Companies need to have real-time and automated security mechanisms in place to better understand their security posture. Automated database monitoring, auditing and testing tools can help wearable technology manufacturers improve the security of their products once they get into consumers' hands.

Along with security automation, good governance is critical for companies to safeguard customer data. For example, IT development teams should establish blacklist and whitelist policies to reduce the likelihood that unauthorized users or applications will gain access to customer data stored on wearable devices.

As companies collect more customer data, transparency is also crucial. Verizon's Human Connection white paper found concerns about data governance was the leading reason a consumer would stop interacting with a company. The paper also found a lack of transparency over data could lead to a loss of revenue.

Companies should have clear data collection and usage policies and communicate these policies to consumers in a transparent and accessible way, such as on their website and in device setup materials. Collecting and storing the minimum customer data necessary to provide optimal device performance is another effective way companies can reduce the security risks associated with wearable technology.