60% organizations with no policy to address AR apps at work: ISACA

With this year’s release of Pokémon Go, awareness of augmented reality (AR) applications soared among organizations and consumers. Despite its popularity and potential business benefits, AR adoption rates are slow among enterprises, according to a new study from global business technology and cybersecurity association ISACA. The study coincides with ISACA’s ongoing CSX 2016 Asia Pacific conference, which opens today in Singapore. The report polled thousands of business technology professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs organizations and consumers must make in weighing both the benefits and potential threats. This year’s five-country consumer study – conducted in the US, UK, Australia, India and Singapore – focused on IoT devices and those enhanced with AR.

Businesses concerned about AR security threats

The report states that many organizations quickly leveraged the popularity of Pokémon Go as an opportunity to attract customers. However, ISACA’s 2016 IT Risk-Reward Barometer indicates that organizations are still hesitant to use AR for business purposes, and consumers also have concerns about the possible risks of Internet of Things (IoT) devices enhanced with AR. Only 21% of the 6,591 professionals surveyed are convinced that the benefits of AR outweigh the risks—the majority remain unsure.
“We expect to see this number change in the very near future as businesses begin to view AR as a valuable technology that results in positive business outcomes, including improved training, education, marketing and customer experience,” said Rob Clyde, Board Director, ISACA and Executive Advisor at BullGuard Software.
Among business technology professionals in Singapore, security concerns posed the top barrier for organizations adopting AR, followed by lack of skills/knowledge. Additionally:
  • More than one in three organizations (34%) have no plans to use AR applications within the next year.
  • 60% don’t have a policy to address the use of AR apps in the workplace.
  • Only 23% of respondents have used AR outside of work.
  • Only 25% are confident they have a way to detect pictures, posts and videos geotagged to their business location or advertisements.
Singapore Consumer Perspective: IoT and AR
However, Clyde holds that even those who aren’t actively using AR need to be monitoring it. Virtual graffiti apps using AR technology can deface buildings, landmarks and other surfaces with negative, unauthorized imagery. Yet only 9% of organizations in Singapore have a program in place to monitor them. More than three in four consumers in each region surveyed are concerned that these enhancements may make their devices more vulnerable to a privacy breach. In Singapore, that number rises to 89%. Additionally, the majority of consumers in each region (74% in Singapore) believe that their workplace is vulnerable to virtual graffiti attacks.

Recommendations for Adopting AR in the Workplace

ISACA experts offer organizations the following recommendations to account for the risk and reward represented by augmented reality and IoT:
  • Extend social media monitoring to AR platforms. Leverage and extend current social media policies and monitoring to augmented reality platforms.
  • Consider how AR can improve your business. Training, diagnostics and marketing are three areas with particularly strong potential.
  • Review your governance framework and update your policies. Incorporate use of AR as part of the business into organizational policies and procedures—including BYOD (bring your own device) and privacy policies.
  • Build security into every part of the process. Security is a crucial component of AR initiatives that helps ensure confidence in the data.
“Enterprises need to work on being agile and applying sound measures around governance, security and risk management to fully realize the benefits of these technology advances. Proactive monitoring for malicious activity like virtual graffiti and data breaches is critical for businesses to gain the full value of new technologies while mitigating risk,” said Christos Dimitriadis, chair of ISACA’s Board of Directors and Group Director of Information Security for INTRALOT.