{"id":123375,"date":"2022-03-28T13:02:28","date_gmt":"2022-03-28T13:02:28","guid":{"rendered":"https:\/\/news.microsoft.com\/?p=445867"},"modified":"2022-03-28T13:02:28","modified_gmt":"2022-03-28T13:02:28","slug":"the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/03\/28\/the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it\/","title":{"rendered":"The metaverse is coming. Here are the cornerstones for securing it."},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/03\/the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Beneath the buzz, the metaverse is arriving in both predictable and unexpected ways.<\/p>\n<p>Some new experiences using headsets and mixed reality will be in your face \u2013 quite literally \u2013 but other implications will be harder to spot. As with all new categories, we\u2019ll see intended and unintended innovations and experiences, and the security stakes will be higher than we imagine at first.<\/p>\n<p>There is an inherent social engineering advantage with the novelty of any new technology. In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face \u2013 literally \u2013 like an avatar who impersonates your coworker, instead of a misleading domain name or email address. These types of threats could be deal breakers for enterprises if we don\u2019t act now.<\/p>\n<p>Because there will be no single metaverse platform or experience, interoperability is also crucial. 
Trust cannot end at the doorway of a virtual meeting space, for example \u2013 it must extend to the interactions and apps within \u2013 otherwise security uncertainty will hobble people wondering what to say or do in a new virtual space and create gaps that can be exploited.<\/p>\n<p>Which brings us to the importance of these early days for the metaverse: We have one chance at the start of this era to establish specific, core security principles that foster trust and peace of mind for metaverse experiences. If we miss this opportunity, we\u2019ll needlessly deter the adoption of technologies with great potential for improving accessibility, collaboration and business. The security community must work together to build a foundation to safely work, shop and play.<\/p>\n<p>So what can we expect \u2014 and how can we create a trusted environment in the metaverse?<\/p>\n<p><strong>It\u2019s important to remember that history often repeats itself<br \/><\/strong>Technology shifts have a way of seeping in while we\u2019re looking the other way. Consider the fact that real estate booms in virtual worlds aren\u2019t new \u2013 coveted dot-com domain names were hot with brokers and speculators in the 1990s.<\/p>\n<p>The early World Wide Web would indeed revolutionize commerce, but it would do so in ways many did not fully anticipate in the 1990s. Meanwhile, the ease of setting up a website also led to a gold rush of fraud with knock-off domains impersonating banks, government agencies and household brand names. These problems persist to this day.<\/p>\n<p>We have seen this cycle play out again and again. When Wi-Fi was first available on laptops, corporate security teams were wary of embracing it. 
Before long, you could not buy a laptop <em>without<\/em> Wi-Fi \u2013 whether your organization accounted for wireless in security policies, or not.<\/p>\n<p>When the iPhone and Android phones exploded onto the scene, they became a massive catalyst for BYOD (bring your own device) policies in the workplace. Almost overnight, personal devices became a new category and organizations had to catch up. We can logically expect metaverse-influenced features and experiences to arrive at enterprises in much the same fashion.<\/p>\n<p><strong>Let\u2019s learn from these lessons and stay ahead of the curve<br \/><\/strong>We\u2019ve long known that security is a team sport, and no single vendor, product or technology can go it alone in protection. The culture of information-sharing and collaboration in the defender community today has been a monumental achievement that did not happen overnight. Today ISPs, cloud providers, device manufacturers \u2014 even industry rivals in these markets \u2014 recognize the need to work together on security issues.<\/p>\n<p>Sitting now at the gateway of a new dimension in technology, it\u2019s critical to align on key priorities to help secure the metaverse for generations \u2014 and identity, transparency and a continued sense of unity among defenders will be key.<\/p>\n<p><strong>Identity is where intruders strike first<br \/><\/strong>For years fraudsters have claimed to be deposed princes with fortunes to share, or sweepstakes hosts desperately trying to reach you, but the advent of email and text messaging re-franchised these schemes for the digital world.<\/p>\n<p>Play this forward, and picture what phishing could look like in the metaverse. It won\u2019t be a fake email from your bank. It could be an avatar of a teller in a virtual bank lobby asking for your information. 
It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room.<\/p>\n<p>This is why solving for identity in the metaverse is a top concern. Organizations need to know that adopting metaverse-enabled apps and experiences won\u2019t upend their identity and access control. This means we have to make identity manageable for enterprises in this new world.<\/p>\n<p>Constructive steps include making things like multi-factor authentication (MFA) and passwordless authentication integral to platforms. We can also build on recent innovations in the multicloud arena, where IT admins can use a single console to govern access to multiple cloud app experiences their users rely on.<\/p>\n<p><strong>Transparency and interoperability will be key<br \/><\/strong>There will be many providers of platforms and experiences in the metaverse, and true interoperability can make the gaps between them seamless and more secure \u2014 while enabling exciting new scenarios. Think of bringing your virtual PowerPoint presentation into a client\u2019s virtual meeting room, even if it\u2019s operating on a different platform.<\/p>\n<p>Transparency can help enable this every step of the way. New platforms usually run a tough gauntlet once they arrive in enterprises at scale \u2014 that is often when security researchers really begin <a href=\"https:\/\/www.wired.com\/story\/zoom-security-encryption\/\">probing code, features and product claims<\/a>.<\/p>\n<p>Metaverse stakeholders should anticipate security questions and be prepared to jump on any updates. 
There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates.<\/p>\n<p>Transparency helps accelerate adoption \u2014 it speeds the learning process for security.<\/p>\n<p><strong>Our strongest defense is working together<br \/><\/strong>The problems of yesterday\u2019s and today\u2019s Internet \u2014 impersonation, attempts to steal credentials, social engineering, nation state espionage, inevitable vulnerabilities \u2014 will be with us in the metaverse. And it will take the same security community of good faith, norms and teamwork to anticipate and respond to them.<\/p>\n<p>The strides we\u2019ve made across the tech industry in cooperating against threats as the stakes have risen in recent years remain a cornerstone for security as metaverse platforms and experiences begin to shape the future.<\/p>\n<p>Security researchers, chief information security officers and industry stakeholders also have an opportunity to understand the terrain of the metaverse as adversaries do \u2014 and use it to our advantage. Metaverse platforms will likely create and generate entirely new data streams with the potential to improve authentication, pinpoint suspect or malicious activity or even revisualize cybersecurity to help human analysts make decisions in the moment.<\/p>\n<p>As with any new frontier, high expectations, fierce competition, uncertainty and learning on the fly will define how the metaverse evolves \u2014 and the same is true for securing it. 
But we do not need to predict the ultimate impact of the metaverse to recognize and embrace the security and trust principles that make the journey a safer one for all.<\/p>\n<p>Let\u2019s make the lessons we\u2019ve learned about identity, transparency and the security community\u2019s powerful collaboration our top ideals to enable this next wave of technology to reach its full potential.<\/p>\n<p class=\"tag-list\">Tags: <a aria-label=\"See more stories about metaverse\" href=\"https:\/\/blogs.microsoft.com\/blog\/tag\/metaverse\/\" rel=\"tag\">metaverse<\/a>, <a aria-label=\"See more stories about Security\" href=\"https:\/\/blogs.microsoft.com\/blog\/tag\/security\/\" rel=\"tag\">Security<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Beneath the buzz, the metaverse is arriving in both predictable and unexpected ways. Some new experiences using headsets and mixed reality will be in your face \u2013 quite literally \u2013 but other implications will be harder to spot. As with all new categories, we\u2019ll see intended and unintended innovations and experiences, and the security stakes 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":123376,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[50,52],"class_list":["post-123375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-news","tag-recent-news","tag-security"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/123375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=123375"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/123375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/123376"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=123375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=123375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=123375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}