A while ago, I was asked how to deal with cybersecurity for Web3 and the metaverses. There is not a simple answer to this. I talked about this last year at KuppingerCole Analyst’s cyberevolution 2023, our cybersecurity conference. It’ll be a hot topic again at the upcoming EIC, KuppingerCole’s European Identity and Cloud Conference, from June the 4th to the 7th in Berlin.

Going back to the question: The easiest way to solve complex problems is by deconstructing them into smaller pieces, solving these, and putting everything together again.

In the graphic, foundational elements of Web3 converge with metaverses related technologies. It’s tough to try to solve security holistically, of course. But there is NFT Security as a smaller, yet complex  challenge. There is DeFi (Decentralized Finance) Security — some of which we could deconstruct even further.

But, more importantly, there is a common universal element: Decentralized Identity. This is the glue. For solving security in a decentralized world, we need decentralized identity. Then we can solve the various challenges and construct a unified security approach.

Decentralized Identity, which is part of the broader theme of Digital IDs (aka Digital Identity) is one of the main themes of EIC 2024. Digital IDs are not just elements of Identity and Access Management (IAM). It is something much bigger. They relate to IAM, but in cross-organizational use (decentralized, reusable) and supply approaches that enable and leverage business models.

When we think about an avatar (or agent or whatever is the industry term de jour) in a metaverse, this is sort of a “digital double” to us. The term “digital twin,” unfortunately, is already used in another context (namely, manufacturing and simulation).

This digital double has an identity which relates to our digital identity. It acts on our behalf. This imposes challenges such as control, liability, and other concerns. Digital identity is the core of the solution, because we can define that identity, relate it to our identity and others, and keep control. Without this, we will fail in our journey towards new models, especially everything including autonomous or semi-autonomous (that is how I would name an avatar in a metaverse) systems.

While this field is still evolving, one thing is clear: A central foundational pillar of Web3 and the Metaverse (and every modern digital service and business) are Digital IDs, particularly decentralized identity. Also, don’t miss the recent blog post of my colleague Alejandro Leal on eIDAS and the EUDI wallet, another key topic at EIC 2024. There also is a lot of research on this topic available by KuppingerCole Analysts, such as the Advisory Note How Enterprises Will Learn to Love Decentralized IDs: The Roles of Distributed and Sovereign Identities in Our Private Metaverse written by Mike Neuenschwander.

Look at our research, talk to the analysts of KuppingerCole, and don’t miss attending EIC 2024. See you in Berlin in June!