Virtual Worlds Create Real-life Risks
Virtual Worlds Create Real-life Risks
August 8, 2007: Virtual worlds like Second Life present some interesting opportunities for commercial organisations, yet also some inherent security risks. IDM spoke to Andrew Walls, Gartner security specialist for Asia Pacific, to find out just what organisations can do to minimise risk.
Telstra Bigpond, IBM, the ABC and Coca Cola are just a small sample of organisations who have ventured into Second Life to promote their brands. While the return on investment is not yet obvious, Gartner warns without adequate protection and preparedness, some organisations could be left vulnerable.
While brand and reputation could be at stake in semi-uncontrolled environments like Second Life, there is although difficulties in ensuring appropriate identity authentication and access management, the exchange of sensitive and confidential information, alongside general IT-related security risks.
Recently appointed Asia Pacific Security expert for Gartner Andrew Walls believes there are a number of these organisations need to be aware of when venturing into virtual worlds like Second Life to promote their brands.
“One of the key security concerns is the issue of identity,” says Walls. “In a virtual world, you’re looking at a public website where you don’t know the actually identity of the people you’re interacting with. An avatar appears, but you can’t approve or tell the real identity of the person.
Three months into the job and Walls is preparing to launch a major report not just focusing on the actual security risks, but the means and preparation organisations can develop for managing security. “The research I’m advising is to simply make sure you have accurate expectations on what you’re actually going to achieve and how much it will cost,” he says.
“Another problem is that organisations don’t have the ability to ad an extra authentication and identity management layer on top of what’s already available.”
Walls believes the legalities of what can and can’t be done in a virtual world are similar to the questions asked during the Internet’s early mainstream adoption.
On reputation risk, Walls says organisations need to be aware of situation involving a brand that could potentially hinder a user’s experience or potentially have users critising the look and feel of an organisations virtual branding.
“For organisations to safeguard their reputation, often it’s about the basic stuff,” says Walls. “Regular users can be very critical of bad design, poor interactivity, poor colour work, avatars that are clueless so you need to be very careful where you go in.”
“You need a good image that fits with your general corporate image and you need to be able to maintain that.
As the first security analyst to service the region, Wall’s recent Gartner appointment reflects back on increasing security concern in Asia Pacific. “Fundamentally, there’s enough interest, there’s growing concern in the region on security matters and we’re seeing more and more security vendor regional offices popping up,” says Walls.