Securing the metaverse: 3 critical concepts

We are excited to bring Transform 2022 back to life on 19th July and virtually 20th July – 3rd August. Join AI and data leaders for sensible conversations and exciting networking opportunities. Learn more

The physical and virtual worlds are already woven in a simple and ubiquitous way. Metavers will deepen this overlap and, in a very practical way, create ample space for business innovation.

Metavers is an unparalleled phenomenon that will take the digital user experience to new heights. The Metawors ecosystem already includes hundreds of companies, from Fortnight and Roblox to Microsoft and Meta (Facebook has been renamed).

For companies, Metavers presents exciting opportunities. For example, a leading pharmaceutical company used the Infosys XR platform to create the digital twin of their vaccine lab, enabling quality engineers to access complex vaccine culture data to help make predictions and decisions.

Similarly, an engineering consulting firm took advantage of Infosys’ metavers to prototype an immersive mixed reality workbench that monitors potential engineering construction sites presented as a rich 3D asset. The potential for global use on Azure’s high-performance cloud was developed and measured, with Microsoft’s willing support, Infosys has long been a partner.

But security and privacy concerns are of paramount importance in Metawars. Currently, there is no regulation in this space. As Metawars becomes more mainstream, the governing bodies will consider tightening controls. For example, one of the central characteristics of metavars – the use of avatars – creates opportunities for deception. It is common knowledge that is crucial in metavars for the concept of identity. People can retain certain avatars and personalities and pass through the whole geography or world.

Metavers will require people to claim identity by sharing their PII and allowing businesses, organizations and other virtual citizens to authenticate who they are. If violated in this state, it could cause serious harm to stakeholders. Fraudsters can mimic the profiles of established companies, leading to fraudulent transactions and unauthorized collection of personal data. Metavers will have to overcome its own unique challenges regarding identity and authentication, i.e. also develop verification systems.

Also, given that Metavers run on blockchain technology, there is no chance of recovering stolen assets, as the blockchain is unregulated and has no central authority or administration. And there is no single approach to identifying cyber thieves and isolating them.

In addition, access to metavars ultimately relies on software and other tools that can be manipulated for malicious purposes, emphasizing the importance of maintaining robust security protocols that are regularly updated. But companies will also need to design security and privacy strategies that are specifically designed for metavers.

What should a corporate CISO do to address these security challenges? When using VPNs and related tools, it will be necessary to secure devices that are basic for metavors such as VR / AR headsets. But that’s just a starting point.

It will be necessary to focus on the following three areas:

1. Collaboration

Today, it is almost impossible to have a single glass panel from which end-to-end security can be managed. Almost every vendor has its own console with numerous closed ecosystems and frequent functional duplications. Further use of standards and APIs will allow customers to choose the security management console that best meets their needs. Also
APIs have limited availability and many of them are slow, unreliable and not well measured.

Over time, more sophisticated security engineering will mean that ‘Zero Trust’ will evolve into ‘Zero Touch’ with AI-based automation and control. There is also a need to realize that legacy and on-love systems will become increasingly dangerous over time, as almost all security innovations take place in the cloud.

2. Democratization

Cyber ​​security is not something that can be handed over to CISO with limited budget and authority, which is often forgotten. It must be a CISO-led responsibility shared by everyone and supported by the board. Skills, too, remain a challenge. Over time, automation will help resolve skill differences, but intermediate managed service security providers will play a crucial role. In addition to expert skills, basic security skills need to be comprehensive. Everyone in the organization, from the reception to the board room, should understand the metavers, including its special security features and be able to sound the alarm when needed.

3. Embedded security for metavers

While security is increasingly being built into all products, services and processes, organizations also need to ensure that security is involved in every process. For business operations to be effective, security needs to be viewed not just as a technology privilege but as a business requirement. It should be roasted from the beginning,
Covers people, processes and technology. With organizations that need to jump on Metawars bandwagon to provide an ‘out-of-the-world’ experience, Safe-By-Design needs to move through the doors of the enterprise. Most corporations act as the main node in metavars, requiring security to be embedded in the agreement with the hosting entity.

Business leaders also need to speak the same language as their security counterparts, as their sponsorship will be an excuse to ensure that employees and partners become more aware of the issue, which in turn can emerge as a brand differentiator for consumers.

Metavers has the potential to open up huge new opportunities for ventures in virtually every sector of the economy. But realizing this opportunity depends on enterprises investing in building strong security and privacy protocols that build trust in space.

That process may not start soon.

Vishal Salvi is the Chief Information Officer and Head of Cyber ​​Security at Infosys,


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including tech people working on data, can share data-related insights and innovations.

If you would like to read about the latest ideas and latest information, best practices and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing to your own article!

Read more from DataDecisionMakers

Similar Posts

Leave a Reply

Your email address will not be published.