Gartner touts enhanced security for virtual environments

According to Gartner research director Andrew Walls, virtual environments can not realise their potential for improved collaboration, customer interaction and information processing without appropriate security.

Highlighting social networks, virtual worlds and real-time mapping services as some of these environments, Walls urged organisations, staff and vendors to develop tools and practices to protect personal and corporate data.

“Improved security in virtual environments should be a joint responsibility between individuals, companies and service providers,” he said.

“Social software services currently provide very few user-controlled security features and do not provide users with complete control of the life cycle of uploaded data.”

Walls mentioned the ability to delete old information, and the establishment of user-defined access groups and multilayered profiles with varying levels of information presentation, as examples of potentially beneficial security features.

Beyond traditional problems like spam and malware, the security risks currently posed by virtual environments include privacy and intellectual property management, as users upload and create information that is stored and traded remotely.

Emerging threats from virtual environments include new social network analysis tools that allow easy integration of data from a variety of sources and potential flaws in user interfaces and media formats such as QuickTime, AVI and MP4.

Despite the security risks, Gartner predicts virtual worlds, social networks and mapping environments to merge into highly integrated online environments over the next ten years.

“Organisations cannot block social networks and virtual worlds, because they will become the base infrastructure for business and personal interaction in the future,” Walls said.

“Now is the time to build security tools and infrastructure that enable the organisation to benefit from them,” he said.

Gartner recommends that organisations gain familiarity with virtual environments, review license agreements of sites used by staff, establish security infrastructure controls and a usage policy, educate staff members, monitor use and assess compliance.