Keys to the Kingdom: Enterprise Data Security in XR

J.C. Kuang, Analyst J.C. Kuang, Analyst Devices & Technology, Enterprise Transformation, Enterprise xR Intelligence Service, Insights

Data security woes and upcoming regulatory action in major markets should be front and center for enterprises looking to implement XR. Customer data breaches, vague terms of service, and compromised intellectual property present real dangers to the public perception of an individual organization. And this is to say nothing of the bottom line.

Since mid-March of 2018, new discoveries regarding the unprecedented data collection scandal involving Facebook and controversial data firm Cambridge Analytica have continued to make headlines. More and more consumers have become wary of large companies such as Facebook and Google’s monopolization of data. These woes are compounded by vague terms of service which leave ample room for interpretation by less reputable third-parties.

Captive Audiences

B2C enterprises, in particular, should be especially conscious of the current climate and strive to educate employees and consumers alike on responsible data usage. Nearly all major tethered XR hardware relies on external cameras, and in some cases, infrared imaging, to improve the user experience. Reducing motion sickness and improving fidelity via environment mapping is a necessary step in achieving presence. However, the ability to see into an individual’s private space represents unprecedented reach for manufacturers and merits serious scrutiny.

VR developers are currently struggling to nail down best practices for using environmental data. All the while, advancing hardware capabilities are currently outpacing our ability to craft responsible data practices. Eye-tracking is already on track to becoming a standard feature even on lower-end mobile-grade hardware, and at least one major firm has already set a worrisome precedent for biometric data security. Companies should and must commit to serious, enforceable security protocols in order to assuage customer fears and position themselves far away from the damaging perception that has plagued data-focused companies like Facebook for over a decade.

Corporate (In)Security

Amidst all this commotion, it can be easy for enterprise XR practitioners to overlook the importance of traditional security and strong IT practices in order to protect privileged intellectual property or tradecraft. The same information-gathering technologies affecting consumer data security stand an arguably greater risk of attack from malicious actors. Hackers see great value in acquiring information about prototype designs, training information, and other data endemic to current XR workflows. This is doubly crucial if opting to build on a foundation of open source technology, as the U.S. government has done on more than one occasion.

Other governments, in turn, have kept a finger on the pulse of data security over the last decade: more regulations are to be expected after the imminent realization of the General Data Protection Regulation in the European Union. This new legislation has widespread implications for businesses based therein. Therefore, preemptive investment in robust cyber security, as well as thorough ad-hoc vetting of both XR ecosystems and third-party partners is more crucial than ever to the protection of IP and assets. In an era of increasing digitalization and ever-optimizing forms of consuming media and consolidating information, security will continue to be a going concern.

Have more questions about how VR and data security will affect your business? Become a client and discuss more with Greenlight's analyst team.