As the digital world takes over nearly every aspect of our work and personal lives, 2022 continues to be a foundational year for enterprise leaders to prepare their cybersecurity technology stacks for the future. We live in a fast-paced digital world that is experiencing:
- Rapid digital transformation and cloud adoption, which has disrupted and introduced new business models.
- A changing geopolitical landscape that has impacted our physical and digital lives by way of new digital privacy laws and regulations on cryptocurrencies and related technologies.
- Cunning and destructive cyberattacks (notably leveraging identity) that continue to disrupt businesses daily.
- Hype regarding the metaverse, Web3, crypto, and decentralization, all of which come with new cybersecurity, privacy, and governance concerns.
IT leaders should not get lost in the hype. In my experience, many still focus on old computing and security paradigms that aren’t compatible with a cloud and Web3 world, and in the enterprise space, traditional security methods emphasize firewalls and network security as the main line of defense.
In the past, this approach was sufficient, as fewer users were remote or needed to access external hybrid-multi-cloud resources. As such, trust in users, their devices, and applications was assumed if they were directly connected to the network. Yet, for years before the pandemic, a growing number of users were already accessing corporate networks remotely. That assumption of trust, granted simply for being inside the network, is exactly what attackers prey on to access sensitive corporate data.
We live in a fast-paced digital world of mobile and hybrid-multi-cloud, and the traditional firewalled network is no longer a position of power and trust. Attackers typically compromise trusted accounts (or specifically “identities”) and leverage them to access critical enterprise resources—trust cannot be assumed anymore.
This has created buzz around “zero trust.” At a high level, the spirit of zero trust is about verifying and authenticating every human or non-human entity that requires access to corporate resources.
While the hype around zero trust has helped to create awareness, I believe IT leaders must evolve to focus on the most critical element: identity. This includes the identity of humans, like employees, contractors, and customers, and non-humans—dubbed “machines”—such as devices, applications, and bots. According to CyberArk, “machine identities now outweigh human identities by a factor of 45x on average.”
I believe identity is the new perimeter, and IT leaders should embrace new paradigms of security and identity. Identity-first security and identity system defense, terms Gartner first coined in 2021 and in 2022, put identity at the center of security design. Modern-day IT environments should focus on establishing digital trust for the massive and growing number of human and machine identities.
Forging ahead, I believe the metaverse and Web3 are clear examples of evolving technologies that will enter the mainstream soon and cause further disruption. As enterprises embark on this next phase, they should ensure they focus on strengthening the notion of digital identity, as it is the bedrock of trust for all entities.
WHAT IS WEB3 AND THE MODEL OF DECENTRALIZATION?
Web3 promises a solution to privacy, security, and control. Web3 is all about decentralization, typically enabled by blockchain technologies. Rather than critical web services that are hosted by centralized systems like Google and Amazon, Web3 is decentralized, meaning it is hosted on computers spread around the world.
We leave a trace of valuable identity information at every click, and the hope with Web3 is users will have more control over their data. Control and consent, I believe, will be conducted with intuitive interfaces, such as digital wallets, allowing users to understand, control, and consent to what…
Read More: www.fastcompany.com