The rising need to secure the metaverse
The term metaverse has gained sudden popularity over the last year, with people across the globe fascinated by the endless possibilities this virtual world holds for the future of social, business, leisure, and culture. While Mark Zuckerberg popularised this term, tech brands across the world have been working towards a virtual world for many years, with technologies such as virtual reality being a step in this direction.
In fact, the word ‘metaverse’ was first coined in 1992 by the author Neal Stephenson in his novel “Snow Crash”. Since then, there have been many versions of the metaverse. For example, the gaming industry nurtured the idea with games such as Second Life, Eve Online, Grand Theft Auto and Red Dead Online.
Role of Edge Computing
However, as the metaverse continues to grip the world’s imagination, there is no doubt that we will need an investment in the development adoption of edge computing, as current centralised cloud computing deployments will not be enough. Placing computing and storage closer to the data sources will bring in immersive virtual experiences.
According to the State of the Application Strategy report 2022, 85% of Indian businesses plan to deploy workloads at the edge. 33% of Indian respondents said that improving operational efficiency with more accurate data/insights from remote endpoints, while 27% pointed towards improving customer experience with better app performance as the primary business outcome they want to achieve using edge computing.
Metaverse might be a big promise in the evolution of applications, however, it comes with its own set of potential concerns – the biggest being security & privacy. While much is being reported on data collection and privacy, an equally important area of concern is the reliance on social networks to verify identities. Non-commercial users of social networks like Facebook are likely to use their actual personal details to engage with their friends, family, and broader social circles, giving rise to Open ID Connect (OIDC) technologies where third-party services can leverage identity and personal information details with a user’s permission, e.g., logging in to Spotify with Facebook details. While this creates an environment where there are fewer logins and passwords to remember, it also means that social network logins are now a target for identity theft. Moreover, moving from the digital world to the virtual metaverse also increases the threat surface for fraud and identity theft, and the integration between physical and virtual spaces gives malware the ability to move between physical and virtual environments.
The key to battling these risks is to have the right operational procedures and relevant safety models than can adapt to the metaverse. Adopting a Zero-Trust cyber security model for example, can help ensure only the right people have access to the information at the right time. The ‘Never trust, always verify, continuously monitor’ approach can further build trust and mitigate cyber threats in the metaverse. In addition to this, these threats will increase the existing demand for tools such as VPNs, proxies, and anti-malware software to strengthen security. Advanced web application firewall (WAF) and Web app and API Protection (WAAP) solutions can further help organizations protect their unsecured endpoints while monitoring and responding to attacks in real-time and gain end-to-end visibility.
To conclude, the metaverse is bringing with it endless possibilities for how we interact, engage and work. With all new technology however, come inherent risks and these should not be an afterthought in their adoption.
(The author is Mr. Shain Singh, Principal Security Architect – APCJ Lead at F5, Inc. and the views expressed in this article are his own)