The metaverse may not be new news, but it’s certainly becoming an opportunity to collaborate and foster innovation across geographical and organizational boundaries, shaping new experiences with others, enabling people to ‘work’ together no matter where they are in the world.

An example of creating an unparalleled experience is at Accenture, where all new hires go through their first-day orientation at One Accenture Park – a virtual campus built in collaboration with Microsoft. The company’s new hires use Mesh for Microsoft Teams and create their own customized avatar to mix and mingle with colleagues from around the world.

In Singapore, the metaverse vision is getting closer to our daily lived experience. Medical and nursing students at NUS Yong Loo Lin School of Medicine are using mixed-reality solutions and Microsoft HoloLens 2 to learn medical procedures and anatomical structures. These help to train up students’ competency to achieve the highest standards of clinical practice in a safe space, which will lead to better healthcare experience and patient outcomes.

These new experiences are just the beginning of change in the way we interact. According to the Microsoft Work Trend Index 2022, 58% of employees surveyed in Singapore are open to using digital immersive spaces in the metaverse for meetings and team gatherings, meanwhile 54% are open to representing themselves as an avatar in meetings in the next year. Our research shows that when compared to an audio-only call, people feel more engaged, more present, and even more comfortable when using an avatar in a meeting.

As a fairly new technology to be used in the workplace or in educational institutions, one of the most important elements is security – something that can become a deal breaker for enterprises that don’t act fast enough to address this.

This brings us to the importance of setting the right foundations for the metaverse: There is a chance now at the start of this era to establish specific, core security principles that foster trust and peace of mind to create a positive metaverse experience for everyone. Missing this opportunity means needlessly deterring the adoption of emerging technologies with great potential for improving accessibility, collaboration, and business.

So how can we prepare and create a trusted environment in the metaverse?

Securing identities in the metaverse

In the metaverse, fraud and phishing attacks are harder to distinguish when targeting your identity could come from a familiar face – literally – like an avatar impersonating a coworker, instead of a misleading domain name or email address.

This makes securing and managing identity in the metaverse the top security concern. Organizations need to be assured that adopting metaverse-enabled apps and experiences won’t upend their security and access control.

Constructive steps include integrating access through multi-factor authentication (MFA) and passwordless authentication into most frequently used platforms. Enterprises can also build on recent security and management innovation in the multi-cloud arena, where IT admins can use a single console to govern access to multiple cloud app experiences for users.

Enforcing transparency and interoperability will be key

There will be many platforms and experience providers in the metaverse, and true interoperability can make the gaps between them seamless and more secure while enabling exciting new scenarios. Think of bringing your virtual PowerPoint presentation into a client’s virtual meeting room, even if it’s operating on a different platform.

Trust cannot end at the doorway of a virtual meeting space, for example – it must extend to the interactions and apps within – otherwise security uncertainty will leave people unsure about being in a new virtual space and create gaps that can be exploited.

This is where transparency can enable this transition smoothly. New platforms usually run a tough gauntlet once they arrive in enterprises at scale — that is often when security researchers really begin probing code, features and product claims.

Metaverse stakeholders should anticipate security questions and be prepared to jump on any updates. There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates.

Working together will become our strongest defense

Security is a team sport. The problems of yesterday and today’s Internet — impersonation, attempts to steal credentials, social engineering, nation state espionage, inevitable vulnerabilities, the rule of laws and social norms — will still be with us in the metaverse.

The security community, from researchers, chief information security officers to industry stakeholders, and even users, will need to understand the metaverse terrain as adversaries do and use it to our advantage.

Metaverse platforms will likely create and generate entirely new data streams with the potential to improve authentication, pinpoint suspect, or malicious activity or even revisualize cybersecurity to help human analysts make decisions in the moment.

As with any new frontier, high expectations, fierce competition, uncertainty and learning on the fly will define how the metaverse evolves — and the same is true for securing it. But we do not need to predict the ultimate impact of the metaverse to recognize and embrace the security and trust principles that make the journey a safer one for all.

The priority at hand is for business leaders to embrace the lessons learned about identity, transparency, and the security community’s powerful collaboration. This will allow them to fully utilize emerging technologies to keep their workforce safe and ride this next wave of technology to reach its full potential.

Richard Koh is the Chief Technology, Security and Customer Success Officer, Microsoft Singapore