December 26, 2024 6 mins

How can enterprises address unique vulnerabilities introduced by XR devices, while ensuring compliance with their existing IT security frameworks? How can they benefit from engaging with the AREA Security Committee initiatives?

James Cooper, Chief Technologist, Advanced Visualization at Raytheon (an RTX Company), and Chair of the AREA Security Committee, answers these and other questions about bringing AR/XR into the enterprise. Please visit thearea.org.

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:08):
Greetings listeners. I'm James Cooper,
Chief Technologist for Advanced Visualization at Raytheon, an RTX company.
I'm also the committee chair for the AREA Security Committee.
I was asked to record some thoughts and considerations regarding XR and
security, so let's dive in. First,
how can enterprises address unique vulnerabilities introduced by XR devices

(00:30):
while ensuring compliance with their existing IT security frameworks?
This is right in the vein of the sorts of discussions and activities we hold
through the AREA Security Committee.
Some of our member enterprises are particularly sensitive to security needs and
compliance, but really these considerations should be pretty universal.

(00:50):
There are still a lot of nuances that trigger some debate. For example,
do we classify these as computers, mobile smart devices or something else?
The first two can perform most operations without the camera being on or having
awareness of the space they're in. However,
XR devices are increasingly aware of the user's surrounding space using cameras

(01:12):
and AR to map out the room using AI to identify people and objects
and putting it all together towards some concepts of mixed reality and spatial
computing. Now, beyond the kind of device AR,
there are a lot of other considerations like operating systems,
network connectivity, MOA device management, and admin controls, even chip sets.

(01:33):
Online access can be managed through firewalls or other network management,
and these are things that are more common to other device types,
so it's a little more routine to IT groups. In the end though,
each enterprise will have to define their security posture and perform the level
of due diligence that meets that requirement.
Making sure to address the nuances of XR.

(01:54):
Maybe these devices need to be kept off company networks and only have sanitized
data siloed onto them.
Maybe they can only be operated in very specific cleared environments.
Maybe there can be managed devices with tools and processes to ensure safer
operation and maybe that can even be extended to personal devices for

(02:14):
a BYOD option. Second,
what are the most effective strategies for enterprises to secure XR
applications? For the first question,
I focus more on the XR device itself.
Here we'll look at applications for the device.
So let's start with apps from third party providers like you would find on an

(02:34):
app store.
The mainstream app stores try to do their best to ensure the security of the
apps they provide,
but every so often you hear about some app that contained malware and was taking
photos, capturing keystrokes or covertly performing some other nefarious deed.
So what do you do? Again, it depends.
One choice might be to run the devices in kiosk mode with only very specific

(02:58):
apps pre-installed for users and no ability for those non-ad admin users to add,
remove, update, or modify those apps.
This is obviously very limiting, but works well for some use cases.
Another option might be a mobile device management or MDM tool or an
enterprise's IT can manage the device including app management. There's more

(03:21):
room for flexibility here where you might have a blacklist of strictly
unallowed apps,
a whitelist on allowed categories and control over when updates have been vetted
and are clear for installation. For first party applications,
apps you develop in-house,
there are secure coding practice guides and libraries developers can utilize.

(03:41):
These can help with things like which settings to use in your development
environment or providing functionality that has passed some security rigor with
the trusted community or entity. Three,
how does the AREA Security Committee contribute to addressing the challenges of
securing immersive XR environments and what resources or guidelines can
enterprises leverage to enhance their security measures?

(04:04):
So the AREA Security Committee exists with a focus on current and anticipated
future security risks associated with the use of AR enabled wearable and mobile
devices in enterprise environments.
Our committee members analyze and discuss security from different angles,
including hardware, software, and management.
We host speakers on a variety of security related topics,

(04:26):
development circulate surveys to inform studies,
and we produce security minded resources to enable enterprises
for highly informative and yet easily digestible. Security infographics,
secure app development guides, security reports,
and a soon to be published augmented reality security maturity model profile.

(04:47):
There's a lot of rich content available and being developed through our group.
Last but not least, four.
What role does AREA play in driving collaboration among stakeholders to
establish standardized security protocols for XR applications and how can
enterprises benefit from engaging with the AREA Security Committee initiatives?

(05:09):
Looking at the wider AREA organization,
there is a lot going on to drive collaboration across our various members and
stakeholders toward better Enterprise XR security.
While the security committee is focused on XR security,
there can be cross discussions and collaborations with the other committees,
including safety, human factors and requirements.

(05:31):
There's also a research committee that conducts and facilitates research-based
projects across a spectrum of topics, including security.
Newer is the AI joint working group under our parent organization,
the Object Management Group,
which examines AI for enterprise through different lenses,
including XR and security.

(05:52):
All that is to say there are a lot of opportunities for participating
and their organizations to get involved in our discussions, projects,
and other activities,
and to help set the direction for those endeavors by sharing needs,
opportunities,
concerns and ideas. The greater the number and diversity of
voices in this project,

(06:13):
the better our ability to address the most pressing and pertinent matters in XR
enterprise security.
We need strong enterprise engagement in order to continue best serving our
mission to deliver enterprises the insights,
analysis and information they need to be confident in the security of their XR
deployments.
I hope this has been helpful at how you are thinking about security and XR Free

(06:36):
enterprise,
and I encourage you to engage with the AREA and our security committee.
For more information, please visit thearea.org or email
info@area.org.