Friday, August 10, 2007

Gartner sees security risks with businesses in virtual worlds like Second Life

I see Gartner is cautioning businesses about potential risks with launching activities in virtual worlds like Second Life. I couldn't help but think about the reports I have heard from colleagues and students that friends and family from other countries are asking what it is like to live under a repressive regime. The last statement in this excerpt really makes it look that way.

"Companies need to think about security and risk management before they get too excited about virtual worlds, according to analyst group Gartner.

The risks businesses face as a result of getting involved in virtual worlds can be significant, according to Gartner vice president Steve Prentice. These risks shouldn't be ignored, he said--but neither should the potential opportunities and benefits that arise from using these new environments for corporate collaboration and communications.

Gartner said the issues facing corporations fall into five categories:

IT risks
According to the analyst group, the IT risks of virtual worlds concern the applications needed to run virtual worlds being downloaded to desktop systems. And while there are no indications that these client applications represent a higher risk than other comparable applications, Gartner said that, at this time, the high frequency of updates makes the control of a large application difficult.

Identity and access management
It's difficult--if not impossible--to ensure that any avatar is an online version of the real-life person it claims to be, according to Garter.

This lack of verifiable identity control or access management is a "major deficiency" in public virtual worlds and is having a significant impact on the potential use of virtual worlds for internal-collaboration purposes, the analyst house said.

As a result, companies should seriously evaluate the availability of private virtual-world environments, hosted internally and existing entirely inside the enterprise firewall.

Confidentiality
Discussions involving confidential and commercially sensitive information shouldn't take place inside Second Life or any other virtual world--or in an open, Internet-supported social-networking site, Gartner warned.

But by moving to a private virtual world, the issues of privacy, confidentiality and identity can be controlled. The analyst also says non-U.S. organizations may wish to avoid virtual worlds that are subject to U.S. jurisdiction because this may result in stored information being subject to legal scrutiny."

No comments: