The growth of the metaverse brings new opportunities for innovative business practices and new ways to interact with one another in the workplace. While the metaverse brings the potential for improved workflows and virtual meeting rooms – it also brings an expanded attack surface and new ways for exploitation by bad actors. Bhagwat Swaroop, president and GM of One Identity, discusses how innovative approaches to identity, access and Zero Trust in the current metaverse landscape.
Given the variety of ways individuals and enterprises can engage with the metaverse – including both digital and physical channels – the vast amount of data collected alone creates a new generation of security challenges.
One of the biggest challenges of this new communications frontier will be the exponential growth in digital identities, which will open up new gateways to potential bad actors. The problem is that IT professionals are still trying to master securing identities in this cloud-first world – and many are unprepared to handle the rapid growth that this new landscape the metaverse will create. Luckily there’s a place to start. By understanding the current digital identity landscape and how it will impact the new virtualscape, companies can match these broadening threats and achieve digital resiliency.Â
See More: The Metaverse is Here…But is the Hardware Ready?
Breaking Down Today’s Identity Landscape
Today’s identity landscape is enormous, and cybercriminals are taking advantage of the scope of the sprawl. But, what many IT professionals are overlooking is how the proliferation of identities is making organizations more vulnerable. Due to the changes in where we work and how we work, the race to the cloud and a dramatic increase in the use of automation, identities are rapidly multiplying.Â
These higher volumes of identities from multiple sources are not only difficult to manage but also an ideal situation for bad actors looking to take advantage of weak spots that organizations might overlook. In fact, 61% of breachesOpens a new window in the past year involved exploited credentials. IT and security professionals have difficulty reigning in the continuously growing identity landscape. Unfortunately, the growing adoption of the metaverse will only expand the identity attack surface even further.Â
So while the current identity landscape is tenuous, the metaverse will exacerbate not only existing problems but also create new ones — especially when it comes to access. Metaverse users will be actively encouraged to join the digital world in new ways, from laptops, smartphones, virtual reality sets, and gaming consoles, which will create new usage and access points for cybercriminals to exploit. This means they will need to be adaptive in their strategies to manage access as identities evolve in the metaverse.
Access, privacy and identity management will play vital roles in ensuring the well-being and security of individuals and organizations in the digital world. Kurt Opsahl, general counsel of privacy-watchdog group Electronic Frontier Foundation, notesOpens a new window that when it comes to data generated by technologies surrounding the metaverse, “there’s the potential for manipulation or invasive misuse of that data.†Not just by employers or unknowing insiders, but bad actors as well. And based on our cloud and digital transformation track records, whenever there’s a breakthrough in innovation, there’s an equal and opposite uptick in exploitation.Â
See More: What Metaverse Means for Tech and How DLT is Transforming FinTech
Why This Matters
As the run-up to a virtual world continues and digital avenues, identities and access points widen across the enterprise, the name of the game will be “digital resiliency†in 2022. To secure this new environment, organizations need to ensure that all individuals – and proliferating identities – have limited and only-what’s-necessary access to business and data assets from the start.Â
Another way to think about digital resiliency and identity and access management in 2022 is through the lens of these two words: Zero Trust. Having grown significantly in popularity since early 2021, Zero Trust is the only Biden-backedOpens a new window proven cybersecurity framework that minimizes the impact of a cyber incident. As a model for implementing robust and selective security, Zero Trust eliminates vulnerable permissions and unnecessary and excessive access to help companies better manage and secure the identities, applications and machines across their network.  Â
In other words, instead of trying to throw a firewall, password, or other forms of perimeter-based defenses around every new access point or identity that crops in the metaverse, organizations need to lean into setting limits and treating every identity like a potential threat. As we continue through this hyper-collaborative and increasingly interactive, digital-first world, and as cybersecurity grows in complexity and severity, it will be essential for businesses to limit and manage access – which starts with Zero Trust.
The metaverse is coming, and it’s bringing a bevy of new opportunities for good and bad actors alike. But innovation doesn’t need to breed exploitation. If companies are prepared, lean into Zero Trust, and set limits on access, the virtual world can remain a safe one too.Â
How are you planning to tackle the security challenges of our expanding metaverse? Share with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!