Good UX for Policy Orchestration Is Generally Good UX Policy

Goal

Customers know intuitively how to write policies and know exactly what happens when they are deployed, so they can be confident in the security of their entire infrastructure.

Opportunity

Simplify and unify the way customers created, managed, and orchestrated security policy across an entire portfolio of software products to:

• Achieve a foundational level of functional consistency in how security policies behave.
• Make it easier to sell multiple products as a unified solution rather than a series of loosely coupled products with very different UIs and workflows.
• Give product teams both a clear roadmap and necessary flexibility when developing policy features.
• Streamline onboarding of new products to achieve policy parity out of the gate.

Solution

Starting with an audit of all existing policy models across the entire range of security and networking products, I was able to get a clear picture of the breadth and depth of this problem for the first time. Taking a daunting catalog of features, use cases, and technologies, I led a cross-functional team through a series of design thinking workshops to distill all this data into a meaningful customer-focused narrative that made the task of policy unification not only coherent but feasible. Using the developed guidelines, I then led a cross-product team of designers through the process of building a user experience-driven security policy design system that showed individual product teams both the end goal they were to achieve as well as the roadmap to get there.

Outcomes

• Developed a broad security policy UX and UI framework that covered literally thousands of product-specific use cases into a singular, modular system that individual product teams could pick and choose from to deliver a consistent portfolio unified policy orchestration solution.
• Achieved “Leader” status in Forrester’s Enterprise Firewall matrix post-solution launch, awarded perfect scores in the “policy creation and management” and “usability” categories.
• Created the first security portfolio design system integrating over a dozen different product UI and visual design languages into a single, cohesive atomic component library.
• Presented the initiative’s process and accomplishments to a company-wide all hands as a model of how to effectively integrate UX to identify and solve entrenched customer problems.

What I learned

• Complexity can only be solved with bravery. Untangling entrenched product complexity is dirty business and not for the faint of heart due to having to overcome legacy technologies, forgotten rationales, and the lack of appetite to spend scarce resources fixing something that already “kind of” works. Making the case for overcoming this inertia requires hard conversations and relentless negotiation, both necessary if the customer’s product experience is going to be prioritized.
• Good ideas alone aren’t enough to influence people. Showing up with a genius design that solves all the world’s problems may impress a lot of senior people, but it won’t always make you a lot of friends at the product level. The destination is important to articulate, but you must also work cross-functionally to map out the path to get there if you hope to have any chance of success.

What I accomplished

• Built a community of like-minded collaborators across silos. Within a portfolio built almost exclusively by acquisition, I had to overcome a lot of narrow product-specific thinking to encourage teams to consider the bigger picture. I worked with multiple product teams and countless individual stakeholders to not only sell the idea of unified policy orchestration but also the specific benefits of being a good citizen to the broader organization.
• Introduced Design Thinking methodologies to solve big hairy problems. In need of a repeatable methodology for working across individual product teams, I decided to introduce Design Thinking processes to identify the challenges within each product and then work across the portfolio to synthesize the gathered data and generate possible solutions. All told, I ran well over a dozen design thinking sessions, with the final ideation and solutioning design sprints taking multiple days, which also included active customer validation activities.
• Created mechanisms for proactively identifying and attacking systemic portfolio-level problems. Several other cross-product issues became apparent while working through the policy alignment problem. These included Intrusion Prevention Systems, nomenclature inconsistencies, navigation challenges, and alerting inconsistencies. I created a UX product council that met regularly where product stakeholders could raise and discuss challenges with a cross-functional group of participants and see if it required additional focus or an aligned design solution.