Security UX for factories

Research & Design, 2021 -

For factories, it's important to run smoothly yet securely.

Often secure configurations are different from smoothly running configurations. Every layer of security potentially slows down the maintenance process.

It's very difficult for users to navigate through the ocean of settings.

The challenge:

Creating simple representations of a
complex security features

Process overview

Detailed steps

1. Information gathering

I start my project by focusing on three key parts:

Business goals
User goals
Technology and other constraints

If business goals are not met, the business will not survive, no matter how great the solution is. If user goals are not met, the company may benefit in the short term but lose out in the long term. And neither of these counts if we can't realize the solution.

To find this out, first, I interview relevant stakeholders inside the company:

Domain experts
Product managers
Product owners
Customer support

Then, I prepare my questions and reach out to users:

Internal users
External users

Due to rules and regulations, contacting external users is not always possible, so I try to make up for this by triangulation.

2. Synthesizing & focusing

Once I gather enough information, I start to synthesize it.

One way I do it is through affinity mapping. Together with my UX colleague(s), we identify key points, group them and select what we will focus on.

It's important for us to select a scope that fits the given timeframe and resource allocation. However, if we feel user goals are not met with the given constraints, we recommend reconsidering the limitations.

3. Ideation

I validate my ideas early with stakeholders to ensure that anything I create fits the security concept and it's feasible.

Paper sketching or designing in low-fidelity
Quick validation of feasibility and accuracy with security/domain experts
Iteration
Repeat

4. Testing

Usability testing with users was essential to see if the feature makes sense for the user and if they can make informed decisions about their system.

I wanted to answer these questions:

How well does the users' mental model of the feature fit the system model
If they understand:
- what the feature protects
- what isn't protected
- what will be taken care of by the system
- what has to be taken care of by them
- what steps do they have to take to achieve a secure system
- what steps do they have to take if they don't need a secure system

5. Final iteration

Takeaways from the usability testing were prioritized. Depending on severity and feasibility, they were implemented in the final iteration step.

Next steps

Supporting implementation
Tracking the real usage of the feature after the release
Potential adaptations based on the actual usage data