SWETHA RAMASWAMY

Title Image for the SAP Data Custodian Project with a product screenshot

Overview

The Policy Creator

The SAP Data Custodian is a data protection tool that enables organizations having data in the public cloud enforce privacy & monitoring controls. I worked on building an MVP for a core feature within the application- the policy creator. The policy editor enables IT compliance officers to set rules around data access.

Team & Role

Role: Interaction Designer
Team: Product Manager, UX Writer, Engineers (remote)

Context

Ensuring security and privacy of sensitive customer data in the cloud is an important business concern to large organizations. Non compliance to laws such as GDPR results in heavy fines.
The Policy creator helps compliance officers define rules for data access based on defined conditions & report unauthorised access in time.

Persona

I built the persona from using information from secondary research, which was then developed further using insights from customer interviews. Personas also helped to center the discussion amongst stakeholders regarding use cases.

Problems with the current design

Sales demos revealed negative sentiments about the product

The policy creator existed in it’s V1 when the product was first being built, but was receiving negative feedback from prospective customers during sales demos.This in turn led to a redesign project, which was designed to address usability, scalability and customizability.
#1

Poor usability resulting in low rates of task completion

#2

Lack of information organization led to differences between people's mental models and that of the application

A key business requirement was to make the policy creator extensible, to add new criteria based on a customer’s requirement.In the previous design, there wasn’t a way to surface additional requirements without custom coding a new field. In order to make this happen, a customer with additional requirements would have to connect with the development teams to design a custom UI.

#3

Users had to move sequentially through multiple pages to complete the process
Customers wanted templates they could edit, to save time and manual processes and also because they expected the product to offer recommendations.The current design forced the user to move through all the fields and edit them individually, thereby offering little visibility into the process.

Defining the design strategy

Designing a flexible policy creation framework

The current priority was to rethink how the data logic was represented in the UI.This was made difficult by the fact that information was dispersed across screens, thereby providing little feedback on task progress.

Competitive Analysis

I looked at existing policy applications  such as Microsoft Azure and Google Cloud. My hypothesis at this point was that if we could sort the information and present it an easy to understand way, users would complete the process of setting up a policy.

Ideation & assessing feasibility

Sketching helped me brainstorm different solutions. I wanted to enable the user to:

1. Present information in a persistent manner, in case they chose to edit a template.

2. Move between the different fields without friction.

I explored different ways in which the goal could be achieved. I compared these designs through the lens of: how easily could it offer visibility into the creation process, can the design scale and would the design deviate from existing design patterns in the product.

Help text/terminology

If users can understand terminology they won’t need to delve into product documentation.

The framework

Can the user understand how to add/remove criteria? 

The need for a summary 

Internally, stakeholders were divided on whether a summary would help users, and this was a perfect opportunity to test that.

Leveraging a mature design system to ship design

I iterated on the mockups prior to developer handoff. I relied on the SAP design language – Fiori to borrow components and style the application. The SAP Fiori design system has well defined guidelines regarding layouts, grids, colors and typography. The mockups were handed to the engineering team on InVision, with the visual and interaction specs defined.

DESIGN IMPROVEMENT #1

Optimising information across 6+ steps to 1 step

DESIGN IMPROVEMENT #2

Helptext to aid new users

DESIGN IMPROVEMENT #3

Easy Search & template customization

Impact

The feature was demoed at SAP TechED and is currently in a closed beta with AWS customers. A few ways to measure success would include:

User Engagement

The number of policies created/user. 

Time and cost savings

How does the redesign impact time on task & improved productivity? 

Decreased breakouts

What is the time invested in maintaining & refactoring the backend?

Next Steps

Feedback from customer sessions indicate that users want to do as little customization as possible. This means a possibility to improve the design of the policy template chooser, which could adapt to only asking the user to tweak what is most relevant to the business case at hand. In addition, a modal is not the best design for the template selector, as the number of policies could increase in the future.

What I would do differently

I had to make some assumptions around key workflows and the information users would need. This project was limited in its understanding of a compliance officer’s context of use, their organization and how information exchange is done between departments.If I had to approach this project differently, I would try to join more online forums, recruit more proxy users and conduct more usability tests to validate product decisions.
I would also work with product management and the users to define the KPI’s by which we could measure adoption and use.
Finally, I would spend additional time to ensure all accessibility criteria were met, and identify accessibility gaps in the current design system and implementation.