From eWeek:
Corporate use of virtual worlds such as Second Life needs careful evaluation for security risks, according to technology research and advisory company Gartner.
Gartner warned that media hype and general enthusiasm for virtual worlds has overshadowed a realistic assessment of the security and risk-management issues they can expose enterprises to. If a company is especially sensitive to branding issues and social and ethical positioning, it should consider exercising particular caution in free-for-all worlds such as Second Life.
“The risks enterprises face as a result of their involvement in virtual worlds are real and can be significant. They shouldn’t be ignored—but neither should the potential opportunities and benefits that arise from using these new environments for corporate collaboration and communications,” Steve Prentice, a Gartner analyst, said Aug. 9.
Prentice listed five major categories of enterprise risk relating to virtual worlds, the first being IT-related security risks. Because these virtual worlds primarily involve unverified applications being downloaded to managed desktop systems, firewall permeability should be a great concern.
Maybe I’m a tad naive when it comes to Second Life as I live firmly here in the “meat space”. I remember years ago wasting countless hours in freaking IRC channels and BBS. How Second Life is really any different is lost on me. I have heard some folks that rave about the wondrous bounty that is a virtual world. But, I’m a proponent of sunshine.
Silly me.
Companies that rush into the great void in a bid to secure their brand tend to brush past angels that are milling about. As a result they open themselves to entirely new attack vector. This is an occasion where I’m in agreement with Gartner on this point. This love affair that some companies have with Second Life is a touch premature. They run a very real risk of having this be a vehicle for attack. Nothing revolutionary here. I’m just always amazed at how people will rush after the “ooh shiny” technology of the moment.
So, how long until the malware infestations and data losses begin?
[tags]Virtual Worlds, Enterprise Threats, Attack Surfaces[/tags]
