Usable Security and the Next Iteration of Privilege Manager
Let's focus on usable security. Here’s what that means for the next iteration of Privilege Manager.
It’s no secret that Delinea is the usable security leader in the Privileged Access Management space. Our UX team constantly works on the entire product line to modernize and simplify the product experience. One of the biggest projects our team tackled recently was the redesign of the Privilege Manager. Here's a glimpse into our process.
The Privilege Manager Use Case
First, let’s talk about the Privilege Manager Use Case and why UX is so important. Here’s the use case: You want to minimize how local admin accounts on endpoints can be used to access other computers, domain resources, and critical servers unless a least privilege security model is implemented. Local admin accounts exist everywhere because it’s easier to give standard domain user accounts more rights than they actually need. This results in human accounts with privileged access.
The issue is rarely addressed on employee computers, leaving companies vulnerable to privileged account escalation and pass-the-hash attacks on thousands of unmanaged endpoints. Managing these endpoints is critical for the security posture of your organization. However, any mistakes managing your endpoints can lead to catastrophic shutdowns for your organization.
This is why UX becomes so important to the product: it needs to be simple to get these endpoints under management to shrink your organization’s attack surface and improve your security posture.
The Privilege Manager Redesign Process
User Testing: Customer Interviews
User testing is the backbone of the UX program at Delinea. We start all new projects, whether a full-scale redesign or new feature design, with user testing. We conducted 15 interviews with existing customers so they could tell us how they currently use Privilege Manager, how it’s utilized in their IT workflow and day-to-day problems that have occurred.
Participatory Design: Deep Dive with Product Experts
We used a participatory design methodology while redesigning Privilege Manager. Participatory design is an approach to a design strategy that brings subject matter expertise into the heart of the design process. These subject matter experts enable the design team to leverage their expertise as another data point during the design process. For Privilege Manager, this meant bringing in our lead architects and developers to provide subject matter expertise about how the product was originally designed and how they see it implemented in real-life customer environments.
Wireframing and Prototyping: Taking in the Feedback
Wireframing and prototyping is a staple to any software design process. In this process, the designer takes all the data from user testing and participatory design and starts experimenting with different interactions and Delinea design system UI patterns. This process also allows us to share our designs with both stakeholders and users for review and comment. Often the design team will go through more than 5 iterations before we land on an ideal state.
User Testing: Guided Testing
After the wireframes and prototypes were finalized, we started another round of user testing. We used a think-a-loud methodology to guide the users through tasks using multiple design prototypes. Think-aloud protocols involve participants thinking aloud as they are performing a set of specified tasks. Participants are asked to say whatever comes into their minds as they complete the task. This might include what they are looking at, thinking, doing, and feeling. This gives observers insight into the participant’s cognitive processes, to make thought processes as explicit as possible during task performance. This gave the team a lot of data to implement into the next iteration of the designs, which was eventually given to the engineering team for development.
Implementation: Engineering in Action
Delinea has a very talented group of engineers who partner with the UX team to implement the designs into the actual product. This is where the project really comes to life!
As I’ve seen the new Privilege Manager UI come together through our comprehensive process, I’m confident that we’ve achieved our goal to deliver a cybersecurity solution that’s usable and effective in helping our customers protect their privileged accounts, implement a least privilege approach, and shrink their attack surface. We’re excited to release iterations of the redesign of Privilege Manager throughout the next year. If you have any questions or are interested in a sneak peek of the designs, feel free to email firstname.lastname@example.org.
Implementing Least Privilege shouldn't be hard.
Privilege Manager makes least privilege adoption easy for users and reduces the workload for IT/desktop support.