Users are the biggest risk to information security. That’s why it’s so important to have a usable software product, especially in the cyber security space. Our goal is to give people the agility and control they need to reduce risk. Usability is our North Star.
With this goal foremost in our minds, we’re building a growing team of usability experts, including cyber security software UX researchers, UI designers, and developers, continually improving the Thycotic experience. This post is the first in a series in which you’ll hear about the process we’re using to research how people use privileged access management (PAM) tools and the steps we are taking to address those requirements in our product interface and overall user experience.
The first-time user experience must be so intuitive that people can jump right in
The PAM software market is growing rapidly. More types of organizations and more people within an organization are using software for privileged access management for the first time. We need to make the first-time user experience so intuitive that people can jump right in. People should be able to figure out how to use PAM software in a matter of minutes, with a consumer-grade user experience, or they’ll get frustrated, abandon the tool – and increase their risk as a result.
In terms of design and usability, B2B software products often lag behind consumer products, but we believe they don’t need to. Most of us spend a third of our lives at work. There is no reason that tools we use in the workplace shouldn’t receive the same level of attention as the products we use at home. You deserve to spend time with products that you enjoy using.
Our guiding principles
In our PAM product development and design we have several guiding principles and we rigorously test our products with these in mind. These principles hold true whether our customers have 5-6 folders with a few thousand secrets or need to search and retrieve information across hundreds of thousands of secrets.
- Clarity. It’s important that we create a balance of information awareness and usability without cluttering your screen. This is not about making things “pretty,” it’s about data saturation. When people are paralyzed with choices, they are less productive and may avoid the product altogether. Our team works to prioritize the most common, most essential controls and surface certain controls only when needed. Our goal is that software users should be able to do 90% of the actions they require within one click.
- Flexibility. Security, IT Operations and Development roles used to be very distinct. Everyone stayed in their box and contributed according to their specialization. But now, each of those departments interacts with PAM and has different needs. That’s why we look at our user experience from many angles – from the people deploying the software to those using it every day – and built a ton of flexibility into our product so people so people can make it their own.
- Accessibility. Everyone should be able to manage our products. Long term, we are working toward the goal of 508 compliance and ensuring access for people with vision impairment.
- Light footprint. Our developers don’t create spaghetti code and our products consume minimal resources so we don’t negatively impact the user experience. We don’t want to slow you down when you are trying to get things done.
Our user experience process includes a mix of usability testing methods, including direct interviews, A/B testing, and more. We check our assumptions and we listen. We’re open to surprises.
With so many different implementations and customizations of PAM software, we screenshare with customers so we understand the context of how Thycotic fits into their environment and their workflow. Are they switching back and forth with Azure, or Active Directory, or Android devices? How do they want to use the space within the PAM interface?
Iterative design approach
One thing we’ve learned is that design cannot be a stop and start activity. If you neglect design it very quickly becomes stagnant. We’ve taken the approach to change design gradually so that our users don’t feel a radical change that interrupts their workflow.
We’re continually assessing our product design with user testing and direct input from customers. As new features and workflows are integrated into the Thycotic software experience we’ll be letting you know and asking for your feedback.
How will the rollout plan work?
Thycotic’s cloud PAM users are first to experience our new user interface, with the 10.6 release of Secret Server Cloud.
- Customers: When you log in to Secret Server Cloud you’ll see an option to switch to the new UI within your Settings. (If you like the Classic UI, that’s ok too. You can switch between them as you like).
- If you’re considering Thycotic we invite you to experience Secret Server Cloud and preview the new UI with a free, 30-day trial
This first update focuses on areas of Secret Server where users spend 90% of their time. The result is a Secret Server UI that helps you view and manage secrets even faster.
- The modern, clean interface eliminates distractions so you can focus on priority tasks
- New styles indicate the next step to advance your workflow
- Drag-and-drop modules let you customize your dashboard
- Context-sensitive elements appear only when you need them
Compare the Classic Secret Server UI to the New Secret Server UI
(click for larger image)
(click for larger image)
These software updates and more will be rolling out to the entire Thycotic community over the coming months.
As always, we’re eager to hear what you think. If you have feedback on these enhancements or ideas for features you’d like to see, please let us know at UX@thycotic.com.
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Nicole Sundin. Read the original post at: http://feedproxy.google.com/~r/Thycotic/~3/Er91gfifbUE/