We’re excited to bring Transform 2022 back in person on July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful conversations and exciting networking opportunities. Learn more
The physical and virtual worlds are already smoothly and ubiquitously intertwined. The metaverse will deepen this overlap and in highly experiential ways that will create abundant space for business innovation.
The metaverse is an unstoppable phenomenon that will take the digital user experience to new heights. There’s already a sprawling metaverse ecosystem made up of hundreds of companies, from Fortnite and Roblox to Microsoft and Meta (rebranded it as Facebook).
For companies, the metaverse offers attractive opportunities. For example, a leading pharmaceutical company used the Infosys XR platform to create a digital twin of their vaccine lab, giving quality engineers access to critical vaccine culture data to help make predictions and decisions.
Similarly, an engineering consultancy took advantage of Infosys’ metaverse to prototype an immersive mixed reality workbench that inspects future engineering construction sites rendered as rich 3D assets. The capability has been developed and scaled for global use on Azure’s high-performance cloud, with support from Microsoft, a long-standing Infosys partner.
But concerns about security and privacy are gaining importance in the metaverse. Currently, there is little to no regulation in this space. Governing bodies will try to enforce strict controls as the metaverse becomes more mainstream. For example, one of the central features of the metaverse – the use of avatars – creates opportunities for fraud. It is well known that for the concept of identity is crucial in the metaverse. People can maintain a certain avatar and individuality and travel through geographic areas or worlds.
The metaverse requires people to claim an identity by sharing their PII and allowing companies, organizations and other virtual citizens to verify who they are. If an infringement were to occur in this state, it could cause serious harm to interested parties. Rogue sellers can impersonate established companies’ profiles, leading to fraudulent transactions and unauthorized collection of personal information. The metaverse will have to overcome its own unique challenges related to identity and authentication, meaning authentication systems will have to evolve as well.
Since the metaverse runs on blockchain technology, there are also no opportunities to recover stolen assets as blockchain is unregulated and has no centralized authority or administration. And there is no one-size-fits-all approach to identifying and isolating cyber thieves.
In addition, access to the metaverse ultimately depends on software and other tools that can be manipulated for nefarious purposes, further emphasizing the importance of maintaining robust security protocols that are regularly updated. But companies will also need to design security and privacy strategies that are specific to the metaverse.
What should corporate CISOs do to address these security challenges? It is essential to secure the devices that are fundamental to the metaverse, such as VR/AR headsets, while deploying VPNs and related tools. But that’s just a starting point.
Focus on the following three areas will be needed:
1. Collaboration
Today it is almost impossible to have a single pane of glass to manage the end-to-end security. Almost every vendor has their own console, with numerous closed ecosystems and frequent functional duplication. Standards and increased use of APIs allow customers to choose security management consoles that best meet their needs. But
APIs are limited and many of them are slow, unreliable, and don’t scale well.
Over time, more advanced security engineering will mean that ‘zero trust’ will evolve into ‘zero touch’ with AI-based automation and control. One should also realize that legacy and on-prem systems will become increasingly risky over time as almost all security innovation takes place in the cloud.
2. Democratization
Cybersecurity is not something that can be delegated to a CISO with limited budget and authority, who is often forgotten. It should be a responsibility shared by all and led by a CISO with the support of the board. Skills also remain a challenge. Over time, automation will help close the skills gap, but in the meantime, managed service security providers will play a critical role. In addition to specialist skills, basic security skills must also be ubiquitous. Everyone in an organization, from the front desk to the boardroom, needs to understand the metaverse, including recognizing its unique security features and being able to sound the alarm when needed.
3. Integrated security for the metaverse
While security is increasingly built into all products, services and procedures, organizations also need to ensure that security is embedded in every process. For business operations to be effective, security must be viewed not only as a technology privilege, but also as a business necessity. It must be baked in from the start,
about people, processes and technology. With organizations looking to jump on the metaverse bandwagon to provide an “out of the world” experience, secure-by-design needs to go beyond the gates of the enterprise. Since most companies act as key nodes in the metaverse, security must be embedded in contracts with hosting entities.
Business leaders should also speak the same language as their security counterparts, as their sponsorship will help raise awareness among employees and partners. That, in turn, can become a brand differentiator for customers.
The metaverse has the potential to unlock huge new opportunities for businesses in virtually every sector of the economy. But realizing this opportunity will depend on enterprises investing in creating robust security and privacy protocols that build trust in the space.
That process cannot begin soon enough.
Vishal Salvi is the chief information security officer and chief of cybersecurity at Infosys.
DataDecision makers
Welcome to the VentureBeat Community!
DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.
If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.
You might even consider contributing an article yourself!
Read more from DataDecisionMakers
This post Securing the Metaverse: 3 Critical Concepts
was original published at “https://venturebeat.com/2022/03/26/securing-the-metaverse-3-critical-concepts/”