Security UX for factories
Research & Design, 2021 -
For factories, it's important to run smoothly yet securely.
Often secure configurations are different from smoothly running configurations. Every layer of security potentially slows down the maintenance process.
Creating simple representations of a
complex security features
1. Information gathering
I start my project by focusing on three key parts:
Technology and other constraints
If business goals are not met, the business will not survive, no matter how great the solution is. If user goals are not met, the company may benefit in the short term but lose out in the long term. And neither of these counts if we can't realize the solution.
To find this out, first, I interview relevant stakeholders inside the company:
Then, I prepare my questions and reach out to users:
Due to rules and regulations, contacting external users is not always possible, so I try to make up for this by triangulation.
2. Synthesizing & focusing
Once I gather enough information, I start to synthesize it.
One way I do it is through affinity mapping. Together with my UX colleague(s), we identify key points, group them and select what we will focus on.
It's important for us to select a scope that fits the given timeframe and resource allocation. However, if we feel user goals are not met with the given constraints, we recommend reconsidering the limitations.
I validate my ideas early with stakeholders to ensure that anything I create fits the security concept and it's feasible.
Paper sketching or designing in low-fidelity
Quick validation of feasibility and accuracy with security/domain experts
Usability testing with users was essential to see if the feature makes sense for the user and if they can make informed decisions about their system.
I wanted to answer these questions:
How well does the users' mental model of the feature fit the system model
If they understand:
what the feature protects
what isn't protected
what will be taken care of by the system
what has to be taken care of by them
what steps do they have to take to achieve a secure system
what steps do they have to take if they don't need a secure system
5. Final iteration
Takeaways from the usability testing were prioritized. Depending on severity and feasibility, they were implemented in the final iteration step.
Tracking the real usage of the feature after the release
Potential adaptations based on the actual usage data