Second Life a security risk for businesses: Gartner

Stan Beer
Tuesday, 07 August 2007 16:38

Your IT - Home IT

Companies risk damage to their brand and reputation and risk potentially serious security breaches by engaging in activities in unmoderated virtual worlds such as Linden Lab’s Second Life, according to technology analyst group Gartner.

Companies that are sensitive to brand issues, as well as social and ethical positioning, must exercise particular caution in uncontrolled virtual worlds, such as Linden Lab’s Second Life, and should consider more heavily moderated, targeted alternatives, such as There, Kaneva and Activeworlds, Gartner analysts advised.

“The risks enterprises face as a result of their involvement in virtual worlds are real and can be significant. They shouldn't be ignored — but neither should the potential opportunities and benefits that arise from using these new environments for corporate collaboration and communications,” said Steve Prentice, vice president and distinguished analyst at Gartner.

Major risks, according to Mr Prentice, concern identity authentication, confidentiality and risks to brand and reputation.

With regard to identity, Mr Prentice believes that lack of verifiable identity control or access management is a major deficiency in public virtual worlds and is having a significant impact on the potential use of virtual worlds for internal collaboration purposes.

"Individuals interact in virtual worlds via avatars, which are computer-generated representations of themselves. However, because new accounts can be opened with ease (and at no cost), many individuals have multiple avatars. Thus, it's difficult (if not impossible) to ensure that any specific avatar actually represents the person with whom it's associated," states Mr Prentice.

Because of this, Gartner recommends that companies seriously evaluate the availability of "private" virtual-world environments, which are hosted internally and exist entirely inside the enterprise firewall.

As far as confidentiality is concerned, virtual worlds aren't secure environments, according to Mr Prentice.

Gartner believes that discussions involving confidential and commercially sensitive information shouldn't take place inside Second Life or any other virtual world — or in an open, Internet-supported social networking site. Worldwide legal systems (especially in the U.S.) have become increasingly aggressive in demanding access to electronically stored records, Gartner says.

Gartner recommends moving to a private virtual world (built by using tools, such as GarageGames' Torque Game Engine or Sun's Java-based Project Wonderland; or developed using established applications (such as Forterra Systems' Olive) that are entirely contained inside the enterprise firewall.