What’s in store for the world of tech in 2022?

“In 2022 it will not be easy to be a big technology company, worse so if you’re in social media or heavily dependent on unrestricted data collection”

Dan Bogdanov

Head of Information Security Research Institute

Two years into a global pandemic our lives and reliance on technology have changed immensely. It sounds stale, we know, that the way we work, interact with each other and service providers most likely will never be as it was before. With reliance on tech also comes rapid development, which can bring about many positive changes, open up new businesses and make people’s lives better, but it can also trigger new threats or uncomfortable changes in the way we go about things.

We asked some of our experts and heads of departments to comment on what they think will be prevalent trends in 2022 and further down the line.

We still need to talk about security

We will live and work in hybrid formats - from home, remotely, on the go and less from the actual office. We become more blended, recruiting globally from different cultures and timezones and this, of course, affects technology, too. Controlling security in such environments is very hard, even harder is controlling the security behaviour of individual remote workers. This in turn is an excellent breeding ground for cyber criminals.

According to Sander Valvas, Head of Cybersecurity Department, we will see more and more individuals and organisations attacked and compromised by cyber threats.

“I believe that Zero Trust Security model is the philosophy that helps organisations to cope with such situations and limit the damage. The concept behind the philosophy is “never trust, always verify,” which means that devices should not be trusted by default even if they were previously verified,” says Valvas.

A zero trust model gives users access to only the data they need to do their jobs and nothing more, reducing areas of attack. Incorporating zero-trust principles ensures that there is no single point of failure when systems are breached. Valvas explains: “This way even if the attacker knows a username and password, they cannot use it to access privileged information given to specific application roles, identity and access management, and cloud-network perimeters.”

Valvas believes that a lot of organisations will start redesigning their information systems based on this philosophy and it will be the main buzzword in cybersecurity in 2022 and beyond.

“Above all, however, it is important to understand how your business functions, what information is important for your business processes, where the data is, who should access it and when,” reminds Valvas. A lack of resources for a proper assessment invites educated guesses since protecting it all would be impossible. Process modelling and well-defined and implemented management policies will become the key here.

The year of digital identity, just not maybe as you’d expect it

In digital identity technologies the biggest expectations in 2022 are around the EU Digital Identity Wallet developments. At the beginning of summer 2021 EU Commission launched the idea of Digital Identity Wallet together with a very ambitious plan to deliver the technical requirements for such a wallet by early 2022.

Head of Digital Identity Technologies Kaija Kirch points out that the most important part of the wallet is that it would enable different technologies. “It is, of course, very important to ensure that the technology used for a Digital Identity Wallet will provide a sufficient level of security. We strongly believe that sufficient level of security for any kind of Digital Identity Wallet can be achieved by using software based solutions only. There are great hardware based security solutions available, but a software based security can achieve the same without compromising in security and usability,” says Kirch.

A software based approach to wallet security can also significantly reduce the length of the supply chain, limit the number of involved counterparts, and enable flexible and quick correction of any possible flaws that may occur along the way. As an illustrative example, the 2017 ID-card crisis in Estonia showed us how difficult it is to correct a security flaw in a hardware token. Although it was an excellent real-life cyber incident exercise, we still wouldn't recommend this experience to anyone.

However, the future of digital identity technologies may not be about a wallet at all. Sure, we may include our identity data or other digital data into a wallet-based solution, but wallets already exist, there is nothing new about having a wallet in your phone. We all have them, we all use them for boarding passes or concert tickets.

Kirch presents a new viewpoint for the development of digital identity: “2022 may bring us the clarity that digital identity technologies are most of all about secure data processing and much less about the user interface such as a wallet. Digital identity is about proving that "I am who I claim to be", but it is also about making sure that no-one else can claim to be me. In that sense, it is much more important to focus on the the technology that ensures the security at the back-end of the solution, and slightly less important to choose the most suitable front-end solution such as a wallet, an app or something else.”

For the "no-one else can claim to be me" purpose it is also important to have a sophisticated fraud detection mechanism incorporated into the digital identity solution, wallet-based or something else. This may be one of the biggest challenges in 2022 and for EU Digital Identity Wallet, because the concept currently prescribes that no transaction data should be collected.

Privacy and big tech (regulation?)

In 2021 we saw some of the big movements in the consolidation of online platforms - we saw how Apple and Google started locking down the use of their platforms, for example, for advertising. We saw the General Data Protection Regulation being enforced more strongly than before. We saw a brand new digital identity regulation proposed in Europe. All in all, the European Union showed an unprecedented level of agility in rolling out interoperability solutions for exposure notifications and vaccination certificates across member states. There were some hiccups, but travel in the block worked and life went on, despite COVID-19.

Dan Bogdanov, Head of the Information Security Research Institute, paints a dark picture for big tech: “In 2022 it will not be easy to be a big technology company, worse so if you’re in social media or heavily dependent on unrestricted data collection.”

These business models will increasingly be controlled by ecosystem owners like Apple and Google and restricted by regulation. However, ecosystem controllers will be challenged by nation states who wish to enforce digital sovereignty and roll out national digital identity schemes that are not dependent on features of specific devices. Governments will also feel the need to further control the spread of information on social media, further fuelling the confrontation.

“Technology will have to get greener. As has been said several times - decentralised blockchain might happen, but it will not be technologies or business models we see today.  So-called third generation blockchain companies will have to show if they are a selling a dream or there is chance that the dream of Web 3.0 can be salvaged. As we work towards that, we will go through some models that may work and many that will fail,” says Bogdanov.

He still has hope for 2022: “I hope that the public sector will take notice of the increasing use of security and privacy technologies by large technology companies. Governments could achieve so much innovation in healthcare, good governance and possibly also law enforcement. While technology does not solve ethical issues, governments can show that we can build precision medicine, AI and prevent identity fraud without having to build superdatabases of all citizens.”

Let your data do the talking for you, but only if you want to

Another side of privacy is the ownership of data - according to GDPR, citizens must have control over their private digital data. They must know which institutions hold their private data and should be able to enforce control over it using digital means.

Maksim Ovtšinnikov, Head of Data Exchange Technologies, predicts that we will be moving towards consent management for data usage fast: “We imagine that soon citizens can log into e-government platforms such as Cybernetica’s UXP where they can see which private and public institutions currently store and use their private data. Citizens can also ask to delete the private data if its use is not defined by law or citizen consent.”