The metaverse has been one of the industry’s latest buzzwords over the past few months, but recognizing the need to figure out metaverse security early on, Microsoft has released some guidelines. 

The company compared this stage of the metaverse to the early days of the web. The web made it easy for anyone to set up a website, which led to a lot of bad actors committing fraud by setting up websites that impersonated banks, government agencies, and other brands. 

This is still a problem to this day, despite decades of progress on the web. Microsoft encourages the industry to learn from past mistakes and join together to secure the metaverse. 

“The culture of information-sharing and collaboration in the defender community today has been a monumental achievement that did not happen overnight. Today ISPs, cloud providers, device manufacturers — even industry rivals in these markets — recognize the need to work together on security issues. Sitting now at the gateway of a new dimension in technology, it’s critical to align on key priorities to help secure the metaverse for generations — and identity, transparency and a continued sense of unity among defenders will be key,” Charlie Bell, executive vice president of security, compliance, identity, and management at Microsoft, wrote in a blog post

According to Microsoft, identity is where bad actors tend to turn first. In the metaverse, rather than sending you an email claiming to be from your bank, an impersonator could be an avatar sitting in a virtual bank lobby asking for your bank information, or an avatar of your CEO inviting you to a meeting. 

Organizations will need to ensure when adopting metaverse applications that they still have identity and access control measures in place. They will need to enable multi-factor authentication and passwordless authentication, as well as utilize multicloud innovations, such as IT admins being able to govern access to their multiple applications from a single console.

Transparency and interoperability between metaverse platforms will also be important. Microsoft believes there should be clear and standard communication around terms of service, security features, vulnerability reporting, and updates.  

“As with any new frontier, high expectations, fierce competition, uncertainty and learning on the fly will define how the metaverse evolves — and the same is true for securing it. But we do not need to predict the ultimate impact of the metaverse to recognize and embrace the security and trust principles that make the journey a safer one for all,” said Bell.