Is Alexa for Business smart technology or a security nightmare?

26/06/20184 Minute Read

Is next-gen smart technology worth adding to your IT network? It’s up to you to vet any new tech before bringing it on board. After all, you already have enough security vulnerabilities to cope with on a daily basis, and choosing an unsecured solution may only eat up more of your precious time and resources.

Take Amazon’s Alexa for Business, for example. When Amazon announced Alexa was coming to the office, people freaked out. TechCrunch’s Jordan Crook even wrote, “The interface is evolving.” Everyone believed for a second that apps and screens were over, and 2018 would be the age of voice commands. But is Alexa for Business better than Alexa for the home, or are hackers rubbing their hands together with anticipation?

Alexa vs. Alexa for Business

Amazon Alexa powers several devices, and consumers can wake up these devices with a word to play music or audio, make lists, check the weather or traffic, set alarms, and control other smart home devices. Alexa for Business uses the same devices, with additional monthly enrolment fees. While there are integrations through AWS’s existing partnerships, with companies like Microsoft Exchange, Salesforce, and Splunk, it’s more like “home plus” than an all-new product. Here’s what’s new:

  • IT can designate “Business Administrators,” skills, users, personal devices, and shared devices, but administrators can’t access recordings.
  • If you’re already an Alexa power user at home, you can merge your personal and business accounts to take advantage of your existing settings.
  • Alexa for Business offers some built-in capabilities, including conference calling and calendar scheduling.
  • There’s a lot of developer potential, including API access.

What do you stand to gain?

According to Medium, researchers discovered the average office worker spends 4.5 hours a week just looking for documents. Is Alexa for Business a solution to your productivity woes? Probably not. Especially since it can’t help you find your files. Amazon Alexa can’t do everything you need it to do—unless your employees’ responsibilities are primarily conference calling and calendar scheduling. You could make it do a lot more if you have skilled developers on your team with free time or you’re patient enough to wait, but what about the learning curve? There’s bound to be setup and training needed, unless your people are Alexa fanatics out of hours.

Amazon Alexa could lead to minor productivity gains, but how much time does it take to join a conference call or add a calendar item? Ultimately, your mileage will vary depending on your users, developer resources, and use cases. For many, your productivity lift may be better with an AI-powered bot for finding files, like Butter.ai.

Consider your data security

According to Amazon, Alexa isn’t always recording, but she’s always listening. These devices are always on, waiting for your verbal commands. Recordings of your voice commands—and a few extra seconds before and after you talk—are stored and encrypted in the cloud for an unknown length of time. At the very least, according to Wired’s Brian Barrett, you can manually delete recordings through the app.

Shockingly enough, recordings from an Amazon Echo were used in a murder trial in the USA in late 2016. While it’s not clear exactly what Alexa heard that night or the data retrieved by the police, the report revealed the device was used to play music the night someone died and police were able to obtain cloud data with a warrant. While it’s unlikely a virtual personal assistant for the workplace could get anyone in your company indicted for murder, these smart technologies are a source of potentially vulnerable data stored in the cloud.

Assess Alexa’s security vulnerabilities

Last year wasn’t the best year for Alexa’s security, to say the least. In August 2017, security researcher Mark Barnes reported a physical security flaw in Amazon Echo devices manufactured before 2017 that allowed anyone with soldering expertise to create a full-time wiretap.

And in September 2017, Chinese Researchers from Zhejiang University figured out how to attack Alexa and other voice assistants with ultrasonic frequency commands inaudible to the human ear. The “Dolphin Attack” method requires about £2 of equipment and modifications to a smartphone. While Dolphin Attack range is currently limited to five or six feet, researchers successfully executed the command “open the back door” and hacked an Audi Q3’s navigation.

A 2017 Symantec report on virtual assistants for the home reached mixed conclusions on Alexa’s security vulnerabilities:

  • The good news: A mass infection of malware is unlikely, since devices aren’t directly linked to the internet.
  • The bad news: Though most known hacks require proximity to a device, there’s a world of other potential security issues, including cloud data leaks.

Decide if this smart technology is worth it

Alexa for Business is another endpoint on your network. As an IT pro, you weigh risks and rewards—a new vulnerability needs to carry rewards, like productivity gains. While some endpoints have built-in security and the potential to monitor and self-heal against attacks, Alexa for Business isn’t necessarily engineered for security.

If you’re looking for a secure AI assistant that can make your job easier right out of the box, you may want to wait for other options or future iterations. But if you’re already an Alexa power user with a robust personal account and you have a job that involves a lot of calling and scheduling, this smart technology might be for you.

Jasmine W. Gordon 27/09/2018 4 Minute Read

Security Leader Profile: HP’s Michael Howard talks print sec…

Michael Howard never stops moving. As the Head of Security Practice at HP, he divides his time between leading a global team of print security...

Tektonika Staff 20/09/2018 4 Minute Read

Monitor your print fleet with these three security controls

The growth of the Internet has offered businesses unprecedented opportunities in communication and commerce. But it's done the same for hackers. As the...

Tektonika Staff 13/09/2018 8 Minute Read

Expert tips on endpoint security: understand how to stay compliant

With 21 years under his belt, Jason O'Keeffe is one of the world's foremost experts in IT security. As lead HP Print Security Advisor, he has firsthand...

  1. 2

Leave a Comment

Your email address will not be published. Required fields are marked *