You could spend a lot of time building something. However, if it's not built to serve somebody's needs, to meet their goals or to help them do something, it's not going to get used.
This, says Maritza Johnson, Principal, Good Research, is important to remember. An advocate for end-users at the intersection of technology, privacy and security, Maritza’s human-centered philosophy guides how she approaches her work.
Early on, Maritza was curious about what sparks innovative technical thinking. She says, “What are the sorts of machinations that go into designing and developing a programming language? It’s interesting to me that technology is built by people. And that you could really change somebody's life and affect how they experience the world by building something.”
She believes what holds many people back from using more complex tools tends to be situations where they feel some amount of uncertainty, doubt, or hesitation. Maritza says, “Are they wondering, is this technology for me? Am I going to regret using this? Am I going to feel dumb for doing it?”
This is understandable. With the rapid advancements in technology, digital literacy can be hard to keep up with. Add to that, the security tools themselves aren’t innovating at the same pace.
Maritza explains, “Now that everyone’s walking around with powerful computers in their pockets there are live microphones, basically listening and doing things in our ambient environments. Things that I thought were merely slightly entertaining and curious, in the past, are increasingly becoming a critical part of our lives.”
One of the biggest developments has been the sheer amount of time people spend on their devices. “I have my phone with me, pretty much every minute of the day, and unless I'm in the shower or on a tennis court, my phone's always right there,” says Maritza.
These devices are not necessarily secure, yet they are being brought into the workplace.
With today’s speed of technology advancement, ubiquitous apps like Slack are taking off in popularity, it seems, overnight. And workers are sharing sensitive data in the app. Maritza points out that while we’re adopting the use of new apps very quickly, the places where sensitive information is being typed and sent, has changed.
A recent study by Gartner found that 69% of employees had bypassed their organization's security policies over the last year, and 74% said that they would be willing to do so if it helped them accomplish a business objective.
“The statistic makes me feel very sad. And it's not their fault. We, as builders, can do better and offer better choices,” says Maritza.
“I'm not going to wag my finger at people who are getting their job done.” Within the economic context of a typical workplace, there are quotas to fill and goals to reach. Maritza thinks that there's probably a side of them that knows they're probably not going to get caught. “With less-than-optimal tools available, I feel that it's very understandable that this is happening.”
In the United States, the Occupational Safety and Health Administration (OSHA), is there to be sure that workplaces are safe. “I would love it, if we could think about computer security, data security and privacy in similar terms,” Maritza says. “I think about those workers and by and large, they have been placed in an unsafe work environment.” Maritza doubts they have the tools to reasonably do their job in a secure way.
“I wish I could have a timestamp of the last time I was pleased by the user experience of a security tool, because it's been a long time.”
Maritza believes that internet and consumer technology has advanced to the point where we can build security as a useful and usable product in the same way we can build any other product. “There doesn't have to be this mysticism around hiding security features or gatekeeping it from people.”
End users encounter barriers daily with their cybersecurity tools, which can be simplified without compromising their effectiveness. "Secure by design" is a principle in creating software and systems that make security a foundational part of their design from the start. Instead of adding security features later or only when problems arise, this method helps to lower the chances of security issues. It lessens the damage they can cause and improves privacy, ensuring that user data is protected and handled responsibly from the outset.
“I am focusing on our relationship with data. We need to redefine how we think about, use, and care for data.” Maritza is working to help people who feel uncertain about security advancements become more empowered to ensure their data is secure.
Secure by design isn't just the future of technology—it's an essential priority that ensures our digital advancements are as safe as they are innovative, creating a tech landscape where user needs and security are not just afterthoughts, but the foundation of every build.
If you want to learn more about how to embed privacy and security into the design of digital products and systems, check out her playbook “Applying Privacy by Design to Inclusive Finance Product Design”.
To discover how you can engrain security into your infrastructure automatically and without burdening end users, contact us.
Maritza Johnson is an expert on human-centered security and privacy with industry, teaching, and research experience, she is currently a principal at Good Research. In prior roles, Maritza was the founding director of the Center for Digital Civil Society at the University of San Diego, a user experience researcher at Google, a researcher at the International Computer Science Institute, and a technical privacy manager at Facebook.
Dr. Johnson holds advanced degrees in computer science from Columbia University (M.S., Ph.D.). She is also a graduate of University of San Diego (B.A.).
Her paper "The Failure of Online Social Network Privacy Settings" won the Future of Privacy Forum's Privacy Papers for Policy Makers Award in 2011.