Securing the new reality: why AR and VR security should be a top priority

Image credit: Shutterstock (Image credit: Image Credit: Shutterstock)

Organisations and consumers alike are excited by the new services and experiences promised by Virtual Reality (VR) and Augmented Reality (AR). In hospitals, for example, medical students are already using AR headsets to improve the depth and effectiveness of their training. Looking to the future, medical organisations are hoping to enable the performance of remote surgeries through VR — allowing specialist surgeons from around the world to treat patients all over the world.

Governments and emergency services are also hoping to tap into this technology when it comes to emergency response. The possibilities are two-fold. Firstly, members of the public caught in natural disasters may have the benefit of geolocation-enabled AR through smart devices to help guide them to safety. Secondly, first responders will be able to use headsets in the midst of a crisis in order to help figure out who is in need of help, and how to get them to safety. There’s no doubt that the capabilities provided by this technology, even in just one field, are endlessly exciting.

It is no wonder, then, that AR/VR revenue is forecast to reach $80 billion to $90 billion by 2023, according to AR/VR adviser Digi-Capital. Ultimately, this technology is set to disrupt the way we work, communicate and experience the world around us.

With this in mind, imagine the worrying possibilities at hand when this technology becomes compromised, whether it be by hackers looking to extort organisations for profit or through unintentional insider threats. Worse still, VR and AR devices create an immense amount of data about their users, so ensuring this does not fall into the wrong hands must be a priority. As this technology accelerates into new realms, at AWS we feel that it’s important that so too must a business’ understanding of how to secure and manage it.

The devil we know

For enterprises and large scale organisations, understanding how to secure VR and AR devices being used in the workplace comes down to examining what we already know about securing the Internet of Things. Ultimately, before implementing this technology, organisations need to ensure they have a closed infrastructure, with the proper authentications in place. 

Today’s best in class IoT technology continuously audits configurations to make sure that they aren’t deviating from security best practices. For context, a configuration is a set of technical controls that are set to help keep information secure when devices are communicating with each other and the cloud. If done properly, it should be easy to maintain and enforce IoT configurations, such as ensuring device identity, authenticating and authorising devices, and encrypting device data. 

As technology continues to create new possibilities in the realms of remote working, we can see how effectively authenticating these devices is vital. In the not too distant future, bringing together the C-Suite for important, confidential meetings and conferences will no longer require executives to fly all across the world. VR headsets, combined with AR technology within meeting rooms, will allow an absent CFO to appear present in the London headquarters while sitting in their local office — whether that be in Singapore, Abu Dhabi or the United States.

In this scenario, it is of the utmost importance that everyone in the room can remain entirely confident that the person they are sitting with is who they appear to be. There is devastating potential in the realms of corporate espionage, and ransomware threats, if hackers are allowed to compromise this system. Effective authentication is the key to overcoming this challenge. However, whilst we can authenticate devices and ensure they are safe while in use, this does not address the concern of protecting the pool of data that these devices create. 

Image credit: Shutterstock

Image credit: Shutterstock (Image credit: Shutterstock)

The data you don’t

Historically, when it comes to protecting employee data, the main concern for the IT team has been on ensuring personal information, salaries and documents are all secure. As VR and AR technology enter the general workforce in fields such as logistics, medicine and manufacturing, we must be wary of the employee data at stake. This technology has the ability to track and store medical information, as well as the way users act and react with their environment. 

While monitoring and tracking this data can help with the refining of these tools, it must also be a high priority for CISOs and CIOs to keep the data secure. From a compliance perspective, organisations will need to be transparent about how they are storing, securing and using this data.

As AR and VR become more commonplace, governments and regulatory bodies are likely to put increasing levels of regulation in place. This is where the importance of continually monitoring the evolving privacy regulatory and legislative landscape comes into play. Organisations need to identify changes and determine what tools they might need to meet their compliance needs depending upon the applications they have in place.

The new reality

The possibilities that are being brought to the table through VR and AR are exciting, there is no doubt about that. The immersive experiences and remote control capabilities that were once confined to the realms of science fiction are now an imminent reality. So too are the realities of chaotic disruption caused by cyber-criminals.

By its very nature, this technology requires a leap of faith by its users. As people put their most precious asset — their personal data — in the hands of technology, they need to have assurance by the liable organisation that this is something they can trust. Through the latest authentication and IoT security techniques and working with a partner such as AWS, organisations can ensure that this trust is not misplaced. Further still, staying abreast of the compliance landscape as this technology develops will be a challenge that businesses must rise to as the field becomes more complex. In doing this, we can turn these virtual concepts into a safe, secure reality.

Orlando Scott-Cowley, Tech Evangelist at AWS

Orlando Scott-Cowley

Orlando is an enterprise evangelist at Amazon Web Services; he works with enterprise executives and technology leaders to help them adopt the cloud and transform their businesses. He has over three years of experience in that domain.