Guardium Analyzer | Cloud Compliance
Guardium Analyzer is an IBM Security SaaS offering within the Guardium data protection portfolio. It is a lightweight hybrid solution that allows user to derive compliance insights from their data. It uses an on prem data connector and leverages IBM analytics to identify how well data complies with a chosen regulation, assess data patterns, and highlight key vulnerabilities that require remediation. Guardium Analyzer is useful for small companies to large enterprise oragnizations who need help better understanding where their data lives, and how compliant they are with regulations such as GDPR, HIPAA, PCI, SOA, etc.
My job as a researcher while working on this continuous delivery product team was to collaborate closely with my ux and front end development colleagues to refine existing personas based on an evolving involving, assess and prioritize user needs, conduct secondary research on state of the art practices, map user needs to new experiences, and liase with sponsor users and business partners. Finally, the most rewarding part of my job was getting face to face time with users to conduct conduct interviews and prototype evaluations. I also worked on UX tasks including site maps, wireframing, prototyping, and delivery of high fidelity mockups.
My design colleagues and I introduced the product team to innovative approaches such as experience blueprints that helped us to define user journeys before jumping into interative wireframing. I provided unique value to my team by implementing new research methods for evaluation and synthesis, and by creating reusable templates I reduced the turn around time for research synthesis, so that I could provide my team with the key insights they needed faster.
Users expressed excitement over a lightweight and intuitive tool for assessing regulatory compliance. Our product team became highly efficient in continuous delivery, working at a rapidly and agilely to map experiences, iterate on designs, produce prototypes, and deliver code in the course of just a few weeks. While on the team I helped to deliver experiences for risk over time, getting started experiences, notifications, multi-regulation, and auditor reporting. In talking to users I identified a new persona, the data engineer. who has become crucial to the industry, the data engineer and produced extensive research synthesis which I then was able to contribute to the wider security design team portfolio.
Jan 2017 - March 2017
My role //
My team //
Theresa Phelan | UX
Deri O Huiginn | FRont end development
Esteban perez hemminger | LEad & project management.
Rick Sobiesiak | Mentor
Quantitative and Qualitative research
“The way you guys are embracing personalisation is important.”
Stepping into our users’ shoes
Our team had great success using experience blueprints to build empathy with our users and gain a holistic perspective on their journey. We created a blueprint for each experience. We prepared for the blueprint by identifying the key persona(s). We then wrote need statements for the user specific to their needs around a story or set of tasks (eg. risk over time). We then mapped out the steps within the journey, and from there we were able to work together with our dev team to identifying user actions, and what had to happen on the front end and the back end to communicate progress to users and allow them to move forward in their task flow, so they could accomplish their goal.
Iterative wireframing and prototyping
My teammates and I met daily to share brief updates and review work as necessary. We use Sketch for creating workflows and wireframes. We like to start at the lowest possible fidelity, pen and paper, so that we can make changes quickly. Once we had a solid idea of where we are headed and the content on each screen we moved to sketch and create progressively higher fidelity flows.
As we worked on wireframing, I captured key assumptions we made as designers. I shared these assumptions with my team. I asked them to review and add to the list so that we could then identify the questions we really needed to ask our users. Once we had a rough draft of questions I would take time to craft these questions in an open ended way that would confirm or deny our assumptions without leading a user to a pre-defined answer.
Planning is crucial for effective execution
Preparing properly for each user session is of paramount importance to build trust with our users and ask the non-biased, substantive questions. Each time I conduct a generative interview or an evaluative user testing session I am thinking about two things:
I need to ensure that my team will get the most value possible at of each user session
I want our users to derive value from the sessions. They should feel truly heard and have the opportunity to see how their feedback impacts our design decisions.
As a user researcher, I am the user advocate, and I need to champion their perspective and keep my team aligned to their needs. I create a tailored guide for each round of testing. I meticulously track feedback, and then I provide the synthesis in a variety of visualizations and key takeaways so that my team can quickly consume the insights and act on them. For Risk Over Time we learned that comparison is key to any data engineer’s job and that they want progressive disclosure of information. They need to start with the big picture and then drilldown on a single database and track metrics over an assigned time period. Those insights validated design decisions and led us to make key revisions to notifications and the details panel on the database page.
User interviews, Prototype evaluations, and Research synthesis
While on the Guardium Analyzer team I met with a wide variety of different types of users, including internal subject matter experts, respondent recruits, business partners, and sponsor users. In IBM, building relationships with users over time is highly valued. It is so important to establish a rapport, so that users feel comfortable to speak honestly and want to continue to share feedback. Meeting with users is my favourite part of any project as I get to hear their stories, including their pain points and the opportunities they envision. I then can highlight those key moments for my product team so they we can really articulate the value of our design. The users are why we loop through the process of observing, reflecting, and making, so that we can make their lives a little easier.