Virtual worlds a security risk, Gartner warns

Companies should be cautious about establishing a presence in virtual worlds and take a realistic assessment of the security and risk management issues they pose, according to a Gartner analyst.

While companies, such as IBM and Dell, have set up shop in Second Life to host meetings, sell products and conduct press briefings, vice president and director of research at Gartner Steve Prentice said that top brands, valued in billions of dollars in the real world, could be at risk in a virtual setting.

"The risks enterprises face as a result of their involvement in virtual worlds are real and can be significant. They shouldn't be ignored - but neither should the potential opportunities and benefits that arise from using these new environments for corporate collaboration and communications," said Prentice.

Second Life is largely unmoderated and looks to the community to govern itself. Prentice said that other such virtual worlds, such as There, Kaneva and Activeworlds, are more appropriate as they are better moderated.

Prentice said that while there are problems for companies looking to use such sites, there shouldn't be disregarded as a time-wasting activity. The five main areas where organisations should look at when thinking about entering virtual worlds, according to Prentice are: IT-related security risks, identity authentication, confidentiality, reputation risk management and productivity.

Prentice said that IT security risks mainly centred on unverified applications being downloaded to managed desktop systems. "There are no indications that these client applications represent a higher risk than other similar applications, but at this time, the high frequency of updates makes control difficult," he said.

He also said that as individuals interact with each other via avatars - and people can have multiple avatars - it would be difficult, if not impossible, to ensure that any specific avatar actually represents the person with whom it's associated.

"Lack of verifiable identity control or access management is a major deficiency in public virtual worlds," said Prentice. "This is having a significant impact on the potential use of virtual worlds for internal collaboration purposes."

He added that if commercial activities are to grow freely, then virtual world operators must consider individuals' and enterprises' need to trust that avatars actually represent the persons with whom they're associated and with a high degree of assurance.

Prentice also said that as many virtual worlds aren't secure environments, any discussions involving confidential and commercially sensitive information shouldn't take place in Second Life of any other virtual world."By moving to a private virtual world that's entirely contained inside the enterprise firewall, the issues of privacy, confidentiality and identity can be controlled," he said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.