The metaverse is coming — and it’ll be here sooner than you might think. Gartner forecasts that by 2026, a quarter of people will spend at least an hour a day in the metaverse.
This is great news for businesses, as it will unlock new business models and ways of working that will add value in ways we can only guess at now. As Accenture puts it, the metaverse “will transform how businesses interact with customers, how work is done, what products and services companies offer, how they make and distribute them and how they operate their organizations.”
However, from an enterprise security perspective, the metaverse presents a host of challenges. Most businesses today struggle with securing the data and infrastructure they already have. In the multidimensional world of the metaverse, this will become exponentially more difficult.
The metaverse is still a moving target. Today, we are more or less at a similar stage in its development lifecycle as we were in the early 1990s for the internet. But unlike in the ’90s, today we have a much better idea of the sort of threats that can emerge in powerful digital ecosystems, which means we can be much better prepared for what comes next.
The key is to start now, with an industrywide effort to discuss the challenges of the metaverse and mitigate them before they become a problem.
What risks will the metaverse bring? The metaverse will see similar challenges to the current security issues facing digital organizations, just adapted to the different forms of engagement, interaction and access that come with immersive, virtual environments.
Social media platforms are awash with aggression, bullying, harassment and exploitation. There’s no reason to think that these blights will not affect the metaverse.
With that in mind, I believe there are four key questions that all CISOs and technology teams should be asking about the metaverse today:
Can we protect PII (and other sensitive data) in the metaverse?
Securing personally identifiable information (PII) is already a pressing requirement for businesses, particularly in light of regulations such as the California Consumer Privacy Act (CCPA) in the U.S., the General Data Protection Regulation (GDPR) in Europe and China’s Personal Information Protection Law (PRPL).
The metaverse doesn’t change enterprises’ obligations to secure PII as set out in such laws. What it does do, however, is exponentially scale the amount of PII and other sensitive data that organizations will collect, store and manage to deliver metaverse experiences.
Much of this data will come from technologies that enable the blurring of the digital and physical worlds that defines the metaverse, such as biometric devices, smart speakers and microphones and virtual reality headsets. Data governance, endpoint security, network security and much else will be significantly more important as PII proliferates.
Such capabilities must be delivered in a way that doesn’t slow down the performance of the underlying network. After all, a laggy, jittery metaverse would quickly lose users.
How can I authenticate users?
Another challenge facing current enterprise technologies is how to verify people’s identities when they access sensitive digital services, such as banking applications or corporate networks.