Duo Policy Impact

Product Design, UX Design, Completed June 2018

Project Overview

Show how a company's security policies are protecting its employees when blocking and expediting user authentications. Prove the ROI of using Duo Security, a "set-it-and-forget-it" product.

My Contributions

User Research, Ideation, Wireframing, Prototyping, Usability Testing

Problem and Goals

Duo is a security solution that allows IT and security teams to block suspicious logins to corporate resources. What is considered "suspicious" will look slightly different to each environment, so the product allows admins to tweak their policies to target specific teams, device types, locations, and much more. The benefit of these custom policies is two-fold: they protect corporate resources from bad actors by blocking suspicious authentications, while expediting regular logins (AKA skipping 2FA). The process is practically invisible to employees with the correct permissions.

A set-it-and-forget-it tool like this is so invisible that customers don't understand the value it brings without clear visibility into how it works. A "you don't know what you've got 'til it's gone" type of deal.

Our goal with the Policy Impact project was to show the return on investment to stakeholders, help admins understand how their policies are working, and allow them to investigate suspicious activity.

This project built upon the groundwork I laid with my team during the Reporting & Analytics initiative in the previous year. I partnered with 2 other designers to build and design a new type of report while setting new design standards and patterns for future data visualizations.

Research and Sketches

As with every project, I always start with some research. For this project, we had a mountain of interview scripts from previous customer calls and usability tests. After extracting the relevant information, I synthesized the notes, then started brainstorming and sketching potential solutions.

Blocked Authentications

After multiple rounds of prototypes and usability tests with customers in our alpha program, we built the Policy Impact pages below.

As an IT Admin, I can quickly understand how many authentications have been blocked because a policy rule was triggered. I can analyze why these authentications may be blocked: are they coming from a unique user? Was there a spike due to a recent change to my policies? Did a new version of Chrome come out, marking my users as out-of-date?

I can then drill into each stat to investigate further or help employees who are having trouble.

Expedited Authentications

On the flip side of Blocked authentications are the Expedited ones. Users who are accessing their resources as usual (expected location, IP address, time, device, etc.) should be able to bypass the 2FA and continue on their day.

IT admins should be able to see a healthy amount of activity. In combination with the Blocked report, they can show stakeholders (like a Head of Security or CISO) that Duo is blocking suspicious authentications while trusted employees are easily accessing their resources, unbothered.

CVE Protection

The CVE system, which stands for Common Vulnerabilities and Exposures, is a reference method for publicly known information-security vulnerabilities. CVEs are usually fixed in software updates, but users who are still running out-of-date software remain at risk.

After Duo blocks a user because of their software, a security admin could come to this page to see which employees are at risk because of a CVE. Additionally, they would see that their company was protected because Duo blocked that authentication, proving the return on investment of using the product.

In-Context Interactive Elements

It was very important to us to give each piece of displayed information as much context as we could. Without context, a spike in a graph could mean literally anything. On the other hand, we didn't want to clutter the UI.

What we ended up creating was a design system that balanced descriptive text with various tooltips that have very specific purposes and displays.
Annotation Bar: A parallel timeline that denotes when something of interest might be affecting the graph.
Other extendable tooltip patterns.