Once upon a time, Duo gave an engineering team a whole week to work on a hack project. The work described below was done within one week in collaboration with engineers and data scientists. I was the only designer on this project.
When you are in a security industry (and generally any other industry), you look to your peers to get a better understanding of how you can secure your environment. This understanding paints a better picture of where you can improve. In a corporate context, sometimes it even helps an IT administrator (a persona we named Gary) convince leadership to invest in areas they previously didn’t think were necessary.
So we thought, what if you could compare your organization’s security posture to that of other organizations? What if you could see how many out-of-date devices you have in your environment compared to industry’s average?
Since we only had a week to develop this comparison tool, we had to tackle all technical constraints first, and lay out what data we can gather and analyze. We found that we could pull the following information about customer’s environment:
Then, we had to decide what to comparing against.
Comparing against a single criteria wasn’t enough to paint the whole picture. If you are a company in a tech industry with 60 employees, you have a different budget for IT and security than a company with 2500 employees. We decided comparing against both criteria would provide the most benefit to our customers.
I turned to my favorite tool. Good old paper and pencil, to rapidly sketch different ideas. How could I help Gary to quickly grasp his environment, how could I tell a good story? Many stories are told in words, but Gary got no time to read
What would work best?
In this case I only had two variables to compare for each security posture criteria: Gary’s score and a similar company average. Putting two graphs next to each other adds cognitive load, and makes our user work harder to draw the comparison between two graphs. However, putting your organization’s score and average score on the same graph makes it much easier to compare.
What is the best way to convey how a customer is doing in security hygiene?
Once I felt confident about the direction my sketches were going, I began working on hi-fidelity prototypes. We had to move fast for hack week. First, I iterated on different ways to visualize the comparison.
Then, I needed to identify what other information needed to be presented along with the data. From past customer interviews, I learned that Garys want to print reports. Also, he probably needed to know when the report was actually run. Lastly, an explanation on what we meant under “average” was necessary.
Lastly, data is not useful if you can’t take action on it. I asked myself, how can I help IT administrators to get to a better place, get his score to be in a “green zone”? How can I make him to be proud of what he built? I added the section at the bottom of the report that walked him through leveraging the Duo product. This helps Gary to set policies around the criteria that report is showing.
I worked with a design researcher to test with 5 IT administrators who use Duo. We put the following questions together:
I put together an interactive prototype using Marvel App.
Generally, the test was success. We concluded:
Some other interesting quotes/insights: