The metaverse has indeed taken the world by storm and everybody wants a piece of the pie – investors, gamers, technology giants including Microsoft, Meta, Google, Nvidia, Shopify. While the metaverse is still in its nascent stage, experts predict it is here to stay. Industry projections estimate that the metaverse will be worth over £1.2 trillion by 2029. While many tech giants are in a rush to make the most of this captivating new concept and build the biggest popular metaverse space, it is imperative that they focus on safety and security.
In the metaverse, there will be individuals who create multiple online representations of themselves that can move across virtual spaces and spend money to buy goods or services, bringing the digital identity problem to the forefront. As enterprises and highly influential forums such as the WEF move to the metaverse and web3, ensuring trusted identity will become fundamental to the safety and success of the future of the internet. It’s not about disclosing one’s identity; but granting access only if one is authenticated as a real individual. This may not seem to carry an immediate threat, but for large organisations it leaves the door open to threat actors. Ensuring a verified digital identity will be crucial to reducing threats including identity theft, impersonation attacks, identity integration in ternary worlds, unreliable cross-platform authentication.
The need of the hour
As identity and security issues slowly emerge, the necessity for a globally accepted identity system has become paramount. There is a need for a solution that addresses how you create an identity that is accepted across platforms and services in the metaverse and a way to keep track of all the identities a person might have. However, it is not that straightforward – while there have been many solutions proposed, there has been no agreement on the way forward. There is an ongoing debate on developing a single, global identity system that is interoperable across platforms versus owning multiple identities to maintain privacy and security and avoiding reliance on one system alone.
In the UK for example, the government is working on creating a clear framework of rules which show what ‘good’ digital identities look like. This standardization will enable businesses to innovate, protect themselves from fraud and safeguard privacy. This first ‘working’ version of the framework is the beginning of building a trusted digital identity system for the UK. Additionally, the UK government has announced it will introduce legislation to make digital identities as trusted and secure as official documents such as passports and driving licences and set up a new Office for Digital Identities and Attributes (ODIA) in the Department for Digital, Culture, Media and Sport as an interim governing body for digital identities.
In the metaverse, it is important that everyone can trust one another despite their avatars, which means securely authenticating the user. This verification will enhance the level of trust and security in the system. This is not the responsibility of one organisation or country alone – but a global requirement. This would require collaboration across industries, institutions, and nations to cohesively work at creating awareness about the challenges and investing in securing the metaverse. While the UK Government has taken a step in the right direction, it is not enough, it needs to collaborate with other nations to work towards solving this problem.
In the meantime, there are crucial steps organisations need to prioritise:
- Amidst all the excitement, concrete measures still need to be undertaken to establish the foundation that will make the metaverse a safe experience, starting with identity access management. Organisations must carefully consider the implications of access management before planning crucial meetings and sharing sensitive information in the virtual space.
- It is also important for cybersecurity professionals to receive training to address evolving security and privacy concerns in organisations. Institutions such as Identity Management Institute has launched the Metaverse Security Center to create awareness about security and identity threats in the metaverse through training and certified courses.
While having a global identity system might seem like the solution – it is no easy task to create one that is secure, private, easy to use, allows people to maintain their privacy while interacting on the metaverse. Also, developing a system that is flexible enough to adapt based on varying requirements of the metaverse could pose another challenge. While some might argue that creating multiple identities for security and privacy might make them more resilient to attacks, this does pose another issue where tracking them becomes a nightmare.
A decentralised system is now the buzz word with the world moving towards Web3. This could potentially prevent attacks, provide privacy to users, and allow organisations to offer identity solutions that can be customised for users. However, this system is new, largely untested, yet to be adopted and accepted by people who are used to traditional methodologies.
There is no consensus on what the solution is – maybe it is a combination of a global identity system and decentralised system or a completely new approach. While the issue at hand is complex, it is important to find a solution that is accepted by all, easy to use and secure. The metaverse is still young and the decisions made now will have a lasting impact on the future.