Compliance in Virtual Worlds: Extension of Identity Management

In our world, reality and virtual reality are coalescing at an alarming rate. On a simple level, we enter instant messaging (IM) conversations with those in the same office as ours, preferring a virtual conversation to a physical one. On the other end of the spectrum, we can invent characters in Second Life where we live entirely parallel lives unbeknownst to those around us.

Does compliance find meaning in virtual worlds? We believe it does.

If someone in your organization takes on a Second Life personality, and uses that to breach your corporate policies, the Second Life personality is simply another identity used by the employee. The compliance enforcement challenge, of course, is that many of the new virtual worlds are virtually invisible to the corporate world.

We predict that, over time, the concept of "identity" will extend to include a map of any aliases used by a given employee. So the "david.sengupta" corporate account could, for example, be associated with IM handles including,, and David's Second Life persona could be Fritz Finkenstein, and his phone number could be 613.123.4567. The challenge, of course, is developing technologies that automatically discover all the identities associated with all the accounts in your organization.

As compliance breaches start to emerge in virtual worlds, it is only a matter of time until companies decide to either block them, or attempt to extend the long hand of compliance enforcement technologies from the physical world into the virtual one.

... David Sengupta

One Comment

  1. Posted April 13, 2009 at 4:58 AM | Permalink

    Nice post. Thanks for sharing these tips.

Post a comment

You must be logged in to post a comment. To comment, first join our community.