Asia's Source for Enterprise Network Knowledge

Tuesday, April 25th, 2017

Security

ISACA offers recommendations for adopting augmented reality in the workplace

First iOS trojan exploiting Apple DRM design flaws infects any iOS device

With this year’s release of Pokémon Go, awareness of augmented reality (AR) applications soared among organizations and consumers. Despite its popularity and potential business benefits, AR adoption rates are slow among enterprises, according to a new study from global business technology and cybersecurity association ISACA. The study coincides with ISACA’s first CSX 2016 Asia Pacific conference, which openedyesterday in Singapore.

Many organizations quickly leveraged the popularity of Pokémon Go as an opportunity to attract customers. However, ISACA’s 2016 IT Risk-Reward Barometer indicates that organizations are still hesitant to use AR for business purposes, and consumers also have concerns about the possible risks of Internet of Things (IoT) devices enhanced with AR. Only 21 percent of the 6,591 professionals surveyed are convinced that the benefits of AR outweigh the risks—the majority remain unsure.

“We expect to see this number change in the very near future as businesses begin to view AR as a valuable technology that results in positive business outcomes, including improved training, education, marketing and customer experience,” said Rob Clyde, board director of ISACA and executive advisor at BullGuard Software.

Security concerns is top barrier

Among business technology professionals in Singapore, security concerns posed the top barrier for organizations adopting AR, followed by lack of skills/knowledge.

Additionally, more than one in three organizations (34 percent) have no plans to use AR applications within the next year.

Sixty percent don’t have a policy to address the use of AR apps in the workplace. Only 23 percent of respondents have used AR outside of work. Only 25 percent are confident they have a way to detect pictures, posts and videos geotagged to their business location or advertisements.

However, even those who aren’t actively using AR need to be monitoring it, says Clyde. Virtual graffiti apps using AR technology can deface buildings, landmarks and other surfaces with negative, unauthorized imagery. Yet only nine percent of organizations in Singapore have a program in place to monitor them.

ISACA’s annual IT Risk/Reward Barometer polls thousands of business technology professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs organizations and consumers must make in weighing both the benefits and potential threats. This year’s five-country consumer study – conducted in the US, UK, Australia, India and Singapore – focused on IoT devices and those enhanced with AR.

More than three in four consumers in each region surveyed are concerned that these enhancements may make their devices more vulnerable to a privacy breach. In Singapore, that number rises to 89 percent. Additionally, the majority of consumers in each region (74% in Singapore) believe that their workplace is vulnerable to virtual graffiti attacks.

Still, the potential upside of AR is evident. A recent estimate from Goldman Sachs predicts that the hardware and software market for augmented reality and virtual reality will grow to US$80 billion by 2025.

About 80 percent of Singapore professionals indicate that augmented reality has the potential to increase engagement in their workplace – specifically in the areas of remote participation for training and development, during office training sessions and for communication between office leaders and staff.

Recommendations for Adopting AR in the Workplace

ISACA experts offer organizations the following recommendations to account for the risk and reward represented by augmented reality and IoT:

  • Extend social media monitoring to AR platforms. Leverage and extend current social media policies and monitoring to augmented reality platforms.
  • Consider how AR can improve your business. Training, diagnostics and marketing are three areas with particularly strong potential.
  • Review your governance framework and update your policies. Incorporate use of AR as part of the business into organizational policies and procedures—including BYOD (bring your own device) and privacy policies.
  • Build security into every part of the process. Security is a crucial component of AR initiatives that helps ensure confidence in the data.

“Enterprises need to work on being agile and applying sound measures around governance, security and risk management to fully realize the benefits of these technology advances.  Proactive monitoring for malicious activity like virtual graffiti and data breaches is critical for businesses to gain the full value of new technologies while mitigating risk,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.