Dissecting Metaverse - A Fortified Security Will Propel A Quintessential Economy

First Published in Newspaper (Telangana Today, Hyderabad, 24 April 2022) - Link

"You can think about this as an embodied internet operated by many different players in a decentralized way. You’re inside of rather than just looking at. We believe that it is going to be the successor to the mobile internet".

                         - MZ (Mark Zuckerberg), 2021

Euphoric Verse

The rapid speed and scale of digitization has suddenly landed us in a universe, verses of which are being ubiquitously heard. Don’t you overhear corporations pumping up war chests, to garner first movers’ advantage in a bid to compete in Metaverse? Didn’t you hear $10 billion venture funding to metaverse-related companies in 2021? Didn’t you notice all pervasive cacophonies about the NFT launches these days? While NFT is not anew, NFT on metaverse has rapidly gained prominence. Didn’t you off-lately hear leaders versing verses about this trillion-dollar opportunity that ‘heavenly’ positions brand? Don’t you also see how such cacophonies are causing excruciating sufferings to people like you and me? This Metaverse FOMO (Fear of Missing Out) is unarguably the virulent dominant strain – mightier than the deadly corona.

Spiraling Cyber Onslaught

The onset of Covid has been synonymous with the onset of advanced cyber-attacks. Every 39 seconds, someone gets victimized. Many prominent entities have been hit: World Health Organization, Big Basket, Alibaba, LinkedIn, Facebook and Marriott. NASA alone was targeted in more than 1,700 cyber incidents in 2020. And the worst: many don’t even understand for months if any such incident ever happened but by then the damage is done.

The onset of Covid has also been synonymous with ongoing digitization and an unprecedented shift towards a contactless world. The last two years have given prominence to Zoom, Google Meet, Microsoft Teams amongst others, most of which were obscure earlier. Today, everything gets done virtually - something unfathomable earlier. With rapid digitization, security issues have skyrocketed. Breaches for bitcoins are now passe; state sponsored attacks and advanced persistent threats are the new age realities. Hackers have identified newer ways to penetrate/pilfer while security issues like log4j have been disrupting the digitized ecosystem. No kidding, applications are releasing one security patch after another.

Tech-Volution

Twenty years ago, did you ever imagine that the yesteryear giants like Barnes & Nobles, Blockbuster and taxi companies like Meru would be relegated to history? Could you then visualize how internet would be the real game changer and how hospitality, travel, grocery, real estate amongst others would get disrupted while new age behemoths like Amazon, Netflix, Facebook and Uber would emerge? 

For companies and investors, Metaverse brings avenues to flourish. For professionals, this brings opportunities to get skilled and shine. For startups, this brings prospects to chase. For the pandemic hit world that has been jolted by the raging war and the spiraling inflation, Metaverse brings a ray of hope for the battered economy.

The Nations Want To Know

But the question is: is Metaverse really that big opportunity? Would Metaverse be sustainable and scalable to propel the long-term growth that pundits are talking about? Is it yet another bubble like the dotcom that burst eventually? Are we again going to witness the exponential jump in hirings and the subsequent massive firings?

The bigger question is: is Metaverse ahead of time? How would this virtual verse span out once Covid dissipates and remote working becomes history? Is Metaverse based on the assumptions that Covid and remote working are forgone conclusions? Is it secure enough for the widespread adoption? Most importantly, are big daddies talking about Metaverse because they are heavily invested into it?

Metaverse

Currently in an early stage, Metaverse will allow people to replicate or enhance their physical activities by transporting, transforming, or extending their physical activities onto a virtual world. As per Gartner, by 2026, 25% of people will spend at least an hour daily in Metaverse for work, shopping, education, social media and/or entertainment. In Metaverse, each entity (business, school, hospital, movie, actor, brand or person) would have its/her/his unique digital representation/avatar. These avatars would do everything we do in real world.

Sounds ahead of time? Yes, Metaverse is primarily targeted towards Generation Alpha, kids born between 2010 and 2025. These kids are also referred to as the Glass Generation as their glass-fronted devices would be their main medium of communication. Such kids would eat, drink, study, play, rant in vicinity of a device and they would even sleep immediately if they’re promised a screen time later.

People carry diverse opinions about metaverse. To many, Metaverse might appear like an illusionary science fiction. While older generation might disdain it, to the younger ones, it might be the latest fad. Good or bad, Metaverse is here and there is no escaping, whatsoever.

Metaverse Economy 

Metaverse is an independent virtual economy powered by digital currencies and nonfungible tokens (NFTs). At an architecture level, these seven components comprise a Metaverse:  Gateways (centralized/decentralized), Avatar/Identity, UI/Immersion/AR/VR), Economy (Crypto, wallet, Marketplace and NFT/Blockchain), Social, Gaming (points earned/collected), and Infra (cloud, scalability, visualization, digital twin, AI, decentralized infra, AdTech and connectivity). A Metaverse requires multiple technologies and trends to seamlessly execute in tandem.

Future Beckons

Come Metaverse and you would extend your physical pursuits onto it. Just imagine, how you would immaculately dress up your digital avatar, put on your VR headsets and converse with your potential recruiters for potential opportunities on a hyper immersive, hyper personalized and hyper engaging Linkedin Metaverse. Just imagine, how on the other end, the headhunter would have his/her avatar readied, and you both would get teleported to some Metaverse Starbucks in an illusionary Hawaii to explore fitment and synergies.

Come Metaverse and how your casually decked up avatar would talk to avatars of your friends and families. Come Metaverse and you would prefer to socialize with your partner in this illusionary verse more than you would in the physical world. How unromantic could that be?

It is said that such virtual interactions would be as normal as a WhatsApp messaging today and would be much more frequent than the exchanges in real lives. Given the FOMO and the peer pressure, this could be our children’s social realm. How unbelievable yet plausible?

What’s There In A Name - Facebook or Meta

Data is the new oil. FB makes money from its subscriber base, digital marketing, implicit marketplace and from your data 24*7*365 (supposedly with your explicit consent).

Every rise has a fall. Overtime, regulators haven’t been happy with FB’s and WhatsApp’s data compliance. MZ and team were confronted with the law and were pooh-poohed by the regulators. For FB, last few quarters have also been hard. Because FB is losing its long-time hegemony with competition (Twitter, Instagram) flaring up in the social media, because FB is not resonating with the young bloods, because Facebook’s results have taken undue beatings with its share down by US$192 ($188 from $380) in last 7.5 months, because top leadership publicly acknowledged the downfall, does FB desire to continue its strides in its newer semblance? Given Facebook doesn’t seem to have significant exposures in Metaverse other than its 2014 acquisition of VR headset company Oculus, is Meta FB’s strategic ploy to increase its rapidly dwindling subscriber base?

On a lighter note, in a bid to retain his PM chair, if ex-cricketer Imran Khan could be so immaculate with his dramatic skills, why wouldn’t FB turn Meta if that helps it retain its hegemony yet again? After all ‘what’s there in a name - it’s the money that counts honey’.

Genesis

The genesis of Metaverse seems to be driven more by the sunk cost than anything else. Overtime, companies have invested in acquisitions and in developing VR hardware.  Work on VR has happened since 1985. Microsoft VR HoloLens has been secretly under development since 2010. Since 2014, billions have been spent in VR companies Magic Leap, Google’s acquisition, and NReal that haven’t done well and in creating VR devices, ubiquitous in malls today, by Google, Facebook, Microsoft, Oculus, Samsung, Sony, HTC and Homido.

Lately, hardware vendors haven’t done well. With the advent of cloud, server companies like IBM and HP have split. While AR has real use cases, VR drags adoption as devices are cost prohibitive to produce given bulk procurement, by startups that cater to AR/VR application development, hasn’t up ticked.

Metaverse proponents must fathom why there should be uncomfortable and obtrusive headgears. Companies that innovate lighter and comfortable headgears will have a better chance – something analogous to eye lenses and Lasik surgery that replaced the need for wearing intrusive spectacles. Apple’s AR Glass, an innovative smart sleek spectacle that gets integrated with Apple devices is going to address VR pain point.

Metaverse & You - Connecting The Dots

Metaverse, first used in Neil Stevenson's novel Snow Crash, was a virtual place where characters could go to escape a dreary totalitarian reality. One buys metaverse land for business or investment purposes. Buying a metaverse land doesn’t mean buying a land on earth.

For instance: someone creates a metaverse leveraging AWS and declares owning 100000 acres land. As ABC Jeweller, you buy 5000 sqft. On that, you invest to build/decorate/market your store. This increases footfalls/sale in online/off-line worlds.

Now, a jewellery designer showcases his/her creation/IP in your metaverse store. You build jewellery based on his/her design. Once sold, he/she gets a royalty. Now assume, world’s best designer creates a unique jewellery design. Because he/she is famous, every woman wants to own that creation, however virtual, and an artificial demand gets created. It goes for an auction and the highest bidder wins (analogous to Thar NFT in which winning bid of a mere creative was as much as price of SUV).

Interestingly, every rich woman could also bid for a part/token of that design/IP. It is non-fungible because its every token/unit is distinguishable and has value. While the women are happy (FOMO), the designer is happier.

Security Challenges in Metaverse

Given Metaverse is an extension of our physical selves and given avatar would be our augmentation in the digital realm, a robust Security, Privacy and Compliance would propel a quintessential metaverse economy.

Metaverse is primarily multiple emerging technologies synchronously at play. Most technologies have inherent dependencies, inter-dependencies, weaknesses, and design/ implementation flaws. Metaverse economy, being new, would be bugs prone; bad actors would exploit them to penetrate/pilfer, infest viruses and malwares, bringing associated integrated infrastructure to ransom. Also, while one technology might be secure, weakness in the other weakens the ecosystem. For instance: a security flaw in the technology stack:  Blockchain, IoT, 5G, ML, 3D, Social, Mobility, Smart Contract, Payment system, Crypto, NFT, Wallet, Infra, Cloud, VR devices, Immersion/AR, Computer Vision or an unauthorized privileged access across API,  user interfaces,  data bases would be enough to ruin havoc. Ability to analyze, isolate and test such scenarios might not be so straight forward.

Given the buzz, Metaverse would be the next pry, spy, and hack target. Security issues likely to derail Metaverse include brute-force, denial of service, email incidents, impersonation, improper usage, loss/theft or compromise of VR/AR devices, web- attacks, exploits on known common vulnerabilities and exposures (CVE), Log4shell (arbitrary code execution in Log4j), patching issues, takeover of endpoints/avatars, unauthorized PII disclosure/storage/transfer, deep fakes, social engineering attacks, credential theft, and incidents involving removable media/devices.

Securing Your Metaverse

Metaverse needs to be designed and orchestrated adhering to the core trust pillars of  confidentiality, availability, integrity, privacy, and security. By following principles of least privilege, separation of duties, defense in depth, robust interfaces (API/UI), Metaverse economy needs to scale both horizontally and vertically without many gaps.

With complex disparate components, technologies, and topologies, Metaverse economy needs thought through integration and smart maneuverings all pervasive. Trust in the ecosystem must be enabled through digital identities of avatars and endpoints and advanced grade encryption for data at rest, in transit and in motion.

Once implemented, it is a mandatory that Metaverse ecosystem (endpoints, avatars, digital space, hardware, gateways, crypto, wallets, access, marketplace, NFT, Blockchain, software, shared resources, UI, AR/VR, data, infra and cloud) are periodically assessed for potential threats, vulnerabilities, misconfigurations, potential weaknesses, disaster recovery, business continuity besides reviewing incident responses, risks, accesses,  patching, and logging/monitoring issues. Lastly, compliances need to be watertight with adequate cyber insurance.

Road Ahead

For a quintessential Metaverse economy, the ecosystem needs to succeed. Implementing a true metaverse would be a gigantic task; implementation demands a focused approach. For rapid adoption, Security, Data Privacy, Risk, Governance and Compliance must be watertight.

Metaverse will succeed in a decentralized world. While decentralization is easy to utter, it’s a nightmare to accomplish. In any highly profitable ecosystem, more so in a decentralized one, there would always be another set of regulatory surveillance whatsoever. No wonder, Regulators and Governments have been uncomfortable with decentralization. Many blockchain and cryptocurrency companies globally still don’t have a free hand while India, US, China amongst others are coming up with their respective Government backed digital currencies as a better alternate to unreliable/volatile cryptocurrencies. Would such Government moves decimate the contemporary crypto story one day?

Most importantly, in some sense, Metaverse is analogous to a super enhanced version of contemporary social media. As with social media, working in metaverse would require high self-regulation and discipline.

Author: Vijay Kumar is a v-CISO and Founder & CEO of DigiFortex (https://digifortex.com). Email: [email protected]