UX Architect
Data Security Tools

Requested by CTO of data security to redesign IBM Guardium for a radically simplified user experience. Led design team including product management, sales, support, technical architects, and UX specialists. Led customer interviews to define user roles, pain points, and key goals for discovering and protecting sensitive data. Iteratively tested designs with customers using conceptual wireframes and interactive prototypes.

Process and Designs

1. User Research

One of the key issues for my design work in the data security space was the number of different roles involved in the process. I created the model to the right after interviews with customers, consultants, sales enablement, and product managers who had worked in this space for a long time. This model and the details linked below helped shape our design, but I also learned when reviewing the model with new customers that many organizations had not matured their security processes to this level. They saw this model as a learning tool and wanted the design to guide them in its implementation.

2. Navigation — Where to Start

The existing navigation structure in the data security tooling was a huge problem — it was system/tools oriented and provided so many hundreds of entry points that it was difficult for users to find their way. To fix this, I designed a new navigation structure focused on user goals and end-to-end task scenarios that led users step-by-step. To communicate the new structure to the development team and test it with users, I coded an interactive navigation prototype using HTML, CSS, and jQuery.

3. Express Security

One of the major pain points of the existing product was the time and effort required to get a working security system up and running. To simplify this task, I worked with our internal architects and services team to automate much of the process. The screen to the right/below shows the few simple steps in the new design needed to get to active protection for sensitive data. Users simply needed to choose a security standard (like PCI, SOX, or HIPAA) and the datasources to apply it to, and all the setup, discovery, and policies would be implemented in the background.

4. Security Operations Dashboard

Large enterprise customers needed to provide security monitoring for thousands of datasources. This meant a security infrastructure of hundreds of security servers and difficulty keeping track of it all. To solve this problem, I designed a Security Operations Dashboard that showed security health status rolled up from data servers to collectors and aggregators. This allowed security admins to get an enterprise-wide view, but also drill down on specific issues at each level.

5. Security Analyst Dashboard

The security analyst role is responsible for monitoring the sensitive data and privileged users on a set of datasources. I designed a similar dashboard for the analyst as I had for the operations. This allowed for separation of duties (those setting policies are not monitoring the activity and vice versa), and gave analysts a realtime picture of security violations and vulnerabilities. The expanding column groups and click to show alert lists allowed for interactive triage.

6. Discovery Dashboard

Our long-term goal with the new navigation was to have a dashboard for each user goal, like setup, discovery, harden, and so on. The wireframes to the right/below show my first attempt at this with the discovery dashboard. Discovery processes would run and identify new datasources, sensitive data and privileged users. The security admin and analysts could then take the appropriate actions to secure these datasources.

7. Topology Overview

Another design I explored with my lead visual designer was an enterprise-wide topology view. This would serve a similar purpose to the Security Operations Dashboard and the Security Analyst Dashboard, but allows for more visual zooming and allows for visual representation of the structure of the security enterprise.

8. Discover Sensitive Data

Here is one of the end-to-end scenarios linked to from the navigation. This step-by-step procedure brings together a set of related policies, processes, and reports that previously were scattered in different tools in the interface and required users to search and jump around to complete a common and repeatable task. I proposed the initial expanding sections design and worked with one of my lead designers on the details of this process.

9. Who, What, Where, When

One of the first problems I worked on in the data security space was how to help users find security intrusions and vulnerabilities, and how to help them prevent a repeat of the problem in the future. Before building the larger design team, I created this set of mockups with input from the CTO of and showed how we could apply faceted browsing to integrate key security data and help users find problems quickly. We also tied related tasks to the context of browsing — all of this was scattered and impossible to find in the existing product.

10. Graphing Activity and Outliers

The previous Who, What, Where, and When browsing was introduced in the product as Quick Search. The next release, we added graphs to visualize the quantity of activity and tied it to error data, but more importantly, we incorporated outlier recognition. One of my visual designers and I designed the graph and interaction shown to the right.

11. Mobile Security

While many of our designs were viewable on mobile devices, one of my designers and I made an effort to look at designs specifically for the mobile platforms. The Health Summary shown to the right/below in tablet and smartphone form factors showed how the quantity of health information shown in our dashboards and topology views could be summarized for mobile platforms. At the time, this was not a high priority for our users.

12. Iterative Customer Feedback

We gathered feedback throughout the design and development of the items above and used it in the refinement of our designs. From the beginning customers were excited to see the direction of the design. Beta customers gave the ease of use high praise and the sales team reported greater success in customer shops where ease of use was a deciding factor.