The metaverse is coming – and it will be here sooner than you think. Gartner predicts that by 2026, a quarter of people will spend at least an hour a day in the metaverse.
This is great news for businesses as it will unlock new business models and ways of working that add value in ways we can only guess at right now. As Accenture puts it, the metaverse “will transform the way companies interact with customers, how work is done, what products and services companies offer, how they make and distribute them, and how they run their organizations.”
However, from a business security standpoint, the metaverse presents a host of challenges. Most businesses today struggle with securing the data and infrastructure they already have. In the multidimensional world of the metaverse, this will become exponentially more difficult.
The metaverse is still a moving target. Today we are more or less at a similar stage in its development life cycle as we were for the Internet in the early 1990s. But unlike in the ’90s, today we have a much better idea of the kinds of threats that can arise in powerful digital ecosystems, meaning we can be much better prepared for what’s to come.
The key is to start now, with an industry-wide effort to address the challenges of the metaverse and mitigate them before they become a problem.
What risks does the metaverse entail? The metaverse will see challenges similar to the current security challenges facing digital organizations, only adapted to the different forms of engagement, interaction and access that come with immersive, virtual environments.
Social media platforms are inundated with aggression, bullying, intimidation and exploitation. There’s no reason to think that these plagues won’t affect the metaverse.
With that in mind, I think there are four key questions that all CISOs and technology teams should be asking about the metaverse today:
Can we protect PII (and other sensitive data) in the metaverse?
Securing Personally Identifiable Information (PII) is already an urgent requirement for businesses, especially in light of regulations such as the California Consumer Privacy Act (CCPA) in the US, the General Data Protection Regulation (GDPR) in Europe and China’s Personal Information Protection Law (PRPL).
The metaverse does not alter companies’ obligations to secure PII as set forth in such laws. What it does, however, is scaling exponentially the amount of PII and other sensitive data organizations collect, store, and manage to deliver metaverse experiences.
Much of this data will come from technologies that enable the blurring of the digital and physical worlds that define the metaverse, such as biometric devices, smart speakers and microphones, and virtual reality headsets. Data management, endpoint security, network security and much more will become significantly more important as PII increases.
Such capabilities must be delivered in a way that does not slow down the performance of the underlying network. After all, a laggy, jittery metaverse would quickly lose users.
How can I authenticate users?
Another challenge facing today’s business technologies is how to verify people’s identities when they access sensitive digital services, such as banking applications or corporate networks.