Without proper security, the potential of social networks, virtual worlds and real-time mapping services cannot be fully exploited, according to research house Gartner.
“Improved security in virtual environments should be a joint responsibility between individuals, companies and service providers,” said Gartner research director Andrew Walls told a Singapore conference. “There are some steps that users themselves must take, some things their employers can do, and some that the providers of virtual environments could do to reduce the risks.”
According to consultancy firm, the security risks currently posed by virtual environments range from traditional problems, like spam and malware, to business issues like privacy and intellectual property management, as users upload and create information that is stored — and traded –remotely.
Integrated Online Environments
According to Gartner, virtual worlds, social networks and mapping environments will merge into highly integrated online environments over the next ten years.
“Organizations cannot block social networks and virtual worlds, because they will become the base infrastructure for business and personal interaction in the future,” said Mr Walls. “Now is the time to build security tools and infrastructure that enable the organization to benefit from them.
“The ownership of content placed in a virtual environment is often in doubt,” said Walls who was speaking at the company’s IT Security Summit. “The end-user license agreements offered by social software are between the user and the vendor, not the company and the vendor, so the company may have no legal standing to negotiate to protect their intellectual property.”
Emerging Threats
The research company cited emerging threats from virtual environments such as new social network analysis tools that allow easy integration of data from a variety of sources and potential flaws in user interfaces and media formats such as QuickTime, AVI and MP4.
“These threats are exacerbated by the speed at which new features are developed and implemented by the providers of virtual environments, without a long-term testing process to identity security flaws,” said Mr Walls.
In view of these threats, Gartner recommends that organizations:
— Start by monitoring and using virtual environments to gain familiarity
— Define a policy for virtual environments
— Ask corporate legal counsel to review license agreements of sites used by staff
— Ensure that security infrastructure controls are in place
— Implement an education program for staff to help them protect themselves
— Monitor use and assess compliance