The metaverse – a shared virtual environment where people can meet and interact in a wide array of activities – may sound futuristic. But in reality it is here. In fact, it is already offering exciting opportunities for enterprises in immersive workplace collaboration, virtual customer experiences and more. At DXC, for instance, we have already used the metaverse for team building, allocating private space, virtual workshops, career building and large events. A staff survey revealed that 57% have attended an event in our private metaverse environment, and over a third report being more engaged in their job because of the opportunity to meet in the metaverse. DXC employees even enjoyed a company-wide New Year’s celebration in the metaverse.
However, with all of these enticing virtual opportunities come real security risks. In short, the metaverse provides a much broader and better attack surface for threat actors to exploit, including the possibility of using a personal or corporate avatar to disrupt or manipulate the environment.
Key to combating those risks and keeping the metaverse safe as well as fun are strong digital identity practices that establish the veracity of the people we interact with and also protect our own identities.
In actuality, digital identity practices in the metaverse are no different from the checks, balances and controls needed in more familiar channels like chat and email. Unfortunately, as you can see from examples in this and other Security Threat Intelligence Reports, digital identity is already a challenge for most organizations and individuals, and the challenges manifest writ large in the metaverse. The metaverse intensifies how we present ourselves as individuals and escalates privacy issues, including exposing the kinds of conversations are we having, who we are interacting with and how we are communicating. In addition, I believe the metaverse is accelerating the current trend of blurring the lines between work and non-work, which raises even more privacy concerns.
Fortunately, effectively protecting digital identity involves relatively straightforward practices:
- Deciding how to best manage identities
- Maintaining security around the identities
- Determining who should be in certain environments
- Making sure people are who they say they are through multi-factor authentication and other techniques.
With strong digital identity management strategies in place, we can confidently launch into the rich wonders of the metaverse and allow it to transform the way we do business.
About the author
Mark Hughes is president of Security for DXC Technology. He is responsible for DXC’s Security business including cyber defense, digital identity, secured infrastructure and security risk management. He previously led DXC's offerings and strategic partners organization. A Royal Military Academy graduate and British Army veteran, Mark serves on the World Economic Forum’s Global Cybersecurity Board. Connect with him on LinkedIn.