Everything you need to know about successfully adopting VR in Enterprise!
So, you want to learn about adopting Virtual Reality in your enterprise or government department. Odds are high that if you found yourself here, you likely did your basic research and know that VR consists of putting a device straight out of star trek on to your head and being transported to a new world. You also know that many of your employees (or you) have asked to integrate this new technology into their existing production, training, or research pipelines.
While there’s a plethora of resources available to learn more about how to set up a headset or how to install the latest software, it can be tough to find a nice guide which covers the less exciting, but arguably most important part, of adopting VR in a large organization. Let’s talk about the riveting topic of security.
With any request for a new and innovative technology, another wrench is thrown into the massive cogs that represent the policies and processes behind enterprise security. Usually (if you’re like me), people in innovation shudder at terms like “Authority To Operate (ATO)” or “Software Approval Process”. While these processes are indeed often considered to be tougher to deal with than if you could just skip them entirely, they’re obviously there for a reason. Therefore, viewing them as an ally can prove to be a valuable tool in your quest for true adoption of Virtual Reality.
Now that that’s out of the way, how do you go about creating a secure environment for Virtual Reality? While we can’t narrow down the exact steps your specific organization should take considering each environment is different, we can help identify where your areas of focus should be. The list below are some good starting points for breaking down where to start.
PC VR vs Standalone VR
- While there are other hybrid technologies out there, for the sake of this conversation we’re going to separate VR into 2 very distinct and important umbrellas. The most common type of VR is known typically as PC VR. With PC VR, a VR headset is connected to a computer typically via a display port, HDMI, USB, or another mix of cables. The primary note to pay attention to here with PC VR is that the processing is done on the computer. This means that on an application level, the data processing itself is nearly identical to any other sort of Windows application and can therefore typically be viewed similarly (or at least a good starting point).
- Alternatively, an emerging type of VR is Standalone VR. With Standalone VR, all of the processing, storage, etc is done on the headset itself. The large majority of the time, these headsets are Android based. This means that for security purposes, your starting point should be to view the processes behind these standalone devices similarly to how you would onboard and manage existing mobile android devices. While each device will require an investigation into what sorts of data is collected just for that model of headset (looking at you, Oculus/Facebook), the general process for standalone headsets isn’t too different from Android devices.
Firmware/Software
- As mentioned briefly above, each application that goes onto a headset (be it standalone or PC VR) should be approved similar to any other application on typical systems. While these applications will likely vary based on the line of work your organization is in, you can be proactive by investigating the firmware and common software used in the VR industry. Below are the primary names you’ll come across frequently
- SteamVR / OpenVR are two names you’ll often hear synonymously. To put it simply, OpenVR is an SDK and API used by developers that allows any compatible headset to talk with their application. SteamVR is the client that the user (you) needs to install in order to communicate between the software and the headset. SteamVR is installed inside of the Steam Marketplace, but it’s possible to extract the SteamVR client to be added to an image without relying on the marketplace. This is excellent news for organizations, considering the steam marketplace introduces a new world of security barriers when bearing in mind that its sole purpose is installing 3rd party software.
- Oculus/Vive/etc Client are the clients you’ll come across that are required to make your headset work. Each headset typically has its own corresponding client that needs to be installed in addition to (usually) the SteamVR client. These clients, like any software, typically need to communicate to a cloud database somewhere to fulfill their operations. Referring back to security, this is typically just for firmware updates and licensing, but it’s important to review the data policies surrounding these clients to ensure they fit your organization.
Data Collection
- Keeping in mind the previous notes on PC VR vs Standalone, there are a few additional topics to keep in mind when onboarding VR into your workplace. While standalone and PC VR operate differently, they both log certain data pertaining to the device and how it’s being used. This can encompass anything from biometric data, to usage data, to user data. While this info is primarily used to better the services of the headsets, it’s important to know every step of where this data goes so your organization can be aware of it.
Miscellaneous
- While we obviously can’t cover every aspect of VR and its intricacies, if you’d like to know about other potential security topics we suggest researching emerging reports on personal identification via VR biometric data, as well as the next step in VR known as VR cloud rendering just to name a couple.
That’s it! Now tomorrow you should be able to walk into your office and happily use VR with the peace of mind that it’s absolutely 100% secure… Or not. Unfortunately, every technology (new or old) has its own security checks it should go through, and we at BSI recommend conducting the same thorough checks of VR technology as any other tech stack. That said, we hope this guide gave you a good place to start and make the intricacies of VR a little more swallowable. As always, we’re here to help your company analyze how to best scale to fit the needs of your employees or clients through the use of innovative technologies.
For more information please go to www.bsisnc.com