http://www.techworld.com/security/news/index.cfm?newsID=9765 By Matthew Broersma Techworld 10 August 2007 Virtual worlds such as Second Life can be useful to businesses if they evaluate the risks involved, according to a research note from Gartner. Gartner analyst Steve Prentice, who recently published an in-depth study on virtual worlds, said virtual worlds can pose problems to security and corporate image, but shouldn't be automatically written off as time-wasting games. Large companies are beginning to take virtual worlds seriously, with enterprises such as Intel, IBM and Sun setting up virtual offices in Second Life, and using it to hold press conferences and even internal meetings. Dell uses Second Life to allow customers to build custom PCs and then order the real thing, while US retailer Best Buy uses its Second Life facility to give customers access to troubleshooting experts, and Cisco hosts virtual user-group meetings at its Second Life HQ. Prentice agreed that companies can get real communications and productivity benefits out of virtual environments, and said companies should keep an open mind when evaluating whether they kill productivity. Such programs can drain staff time during the initial learning curve but there may be benefits further down the line, Prentice said. Nevertheless, there are serious risks associated with IT security, access management, confidentiality, and corporate reputation, he said. IT security - Like any internet-connected application, virtual worlds can open up risks of unverified applications making their way onto the network and allowing unwanted code through the firewall, Prentice said. There's no evidence that virtual worlds pose any more such risk than comparable client applications, but Prentice pointed out that at the moment they're on the receiving end of frequent updates, which can make them difficult to control. Access management - Virtual environments can be useful for internal collaboration, but open applications such as Second Life are probably inappropriate for this, for the simple reason that it's difficult or impossible to verify whether the avatar showing up for the meeting is actually the person it claims to be, Prentice said. Instead, Gartner recommended companies look into "private" virtual environments, which can be hosted internally and need not penetrate the firewall. Confidentiality - Employees might want to use a virtual environment for a discussion about business matters, but there are several reasons why this could be a problem, especially in open, internet-supported social networking sites or virtual worlds, Gartner said. Besides the fact that such environments aren't secure, there's the issue that legal systems, especially in the US, are becoming mroe aggressive about demanding access to any electronically stored records, including online conversations. "Non-US organisations may wish to avoid virtual worlds that are subject to US jurisdiction because this may result in stored information being subject to legal scrutiny," Gartner said in the note. Alternatives could be private virtual worlds built using tools such as the Torque Game Engine from GarageGames or SUn's Java-based Project Wonderland, or applications such as Forterra Systems' Olive, Prentice said. Corporate image - Finally, companies with sensitive brand and reputation issues should be cautious about becoming involved in "uncontrolled" virtual environments such as Second Life that could lead to the corporate image becoming sullied. A similar issue arose earlier this week when the UK government pulled advertising from the social networking site Facebook over concerns that its ads could be appearing in inappropriate places. The move followed a decision by several companies, including the AA, First Direct, Virgin Media and Vodafone, to pull their advertising from Facebook following reports that their ads were being displayed alongside the official group page for the British National Party. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Tue Aug 14 2007 - 01:07:43 PDT