Microsoft weighs in on guidelines for securing the Metaverse

Kareem Anderson

Apparently, some version of the metaverse is coming and there is very little the average online user can do about it. To that end, Microsoft believes there should at least be some guidelines in place to make sure the experience is a relatively safe one.

According to Charlie Bell, an executive vice president of security, compliance, identity and management at Microsoft, “fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address.”

With Microsoft pitching an enterprise-focused metaverse engagement, threats such as phishing and identity theft are immediate no-go’s so Bell believes it’s crucial to establish core interoperable security principles for metaverse experiences.

Here are some of the Microsoft proposals to help foster a trusted metaverse experience:

Identity is where intruders strike first

This is why solving for identity in the metaverse is a top concern. Organizations need to know that adopting metaverse-enabled apps and experiences won’t upend their identity and access control. This means we have to make identity manageable for enterprises in this new world.

Constructive steps include making things like multi-factor authentication (MFA) and passwordless authentication integral to platforms. We can also build on recent innovations in the multicloud arena, where IT admins can use a single console to govern access to multiple cloud app experiences their users rely on.

Transparency and interoperability will be key

Metaverse stakeholders should anticipate security questions and be prepared to jump on any updates. There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates.

Transparency helps accelerate adoption — it speeds the learning process for security.

Our strongest defense is working together

Security researchers, chief information security officers and industry stakeholders also have an opportunity to understand the terrain of the metaverse as adversaries do — and use it to our advantage. Metaverse platforms will likely create and generate entirely new data streams with the potential to improve authentication, pinpoint suspect or malicious activity or even revisualize cybersecurity to help human analysts make decisions in the moment.

Admittedly, Bell believes the metaverse is arriving in both “predictable and unexpected ways,” to which the above principles are seemingly meant to be a broad foundation for approaching the metaverse.

In turn, features, tweaks and ideas tend to flow back and forth between consumer and commercial experiences and we can only hope many of these ideas are being explored with Meta’s approach to a consumer-centric metaverse experience as well, because capitalizing on a threat in either instance leaves both experiences vulnerable.