Enterprise SaaS Platform

In April 2019 Red Hat announced a suite of management products that would be delivered as Software-as-a-service (SaaS) products and hosted on a common platform. While Red Hat has had some hosted products, this represented a new strategic approach to delivering software. The SaaS platform launched with a small number of initial offerings: Insights, Vulnerabilities, and Compliance, along with some utilities shared by all of the applications. I worked on all aspects of the platform, including being the primary designer on Insights, which already existed as a product, and Compliance, which was a new application.

Compliance

When beginning work on the Compliance application, neither the PM nor I knew much at all about how customers thought about compliance, or what use cases we really needed to support. After several meetings with internal subject matter experts, I was able to extract some of the questions that a customer would want answers to. These questions suggested views we would need and how we might structure the application.

Map of use cases for compliance app

Low fidelity mockups

The different questions we wanted to be able to answer for customers suggested three top-level views, as well as the information that we would want to show on those views.

With the overview, we wanted to give customers a high-level summary of the compliance findings with the ability to quickly drill down to more detailed views.

Compliance overview page

The rules list needed to be filterable across different attributes so that users could easily get to the data set that they were after.

Compliance rules tab

Like the overview, the policies section was intended to be a summary view with the ability to drill down to see more detail about any of the policies.

Compliance policy tab

Learnings, mis-steps and changes

Terminology

There are some technical terms within the compliance space generally, and OpenSCAP specifically, that make it difficult to have a normal human conversation about compliance. For example, “policy” could mean something like a “standard”, like HIPAA. “Policy” could also mean “a set of rules to be checked on a particular set of systems on a certain schedule”. I was concerned that we were tied to that more technical notion of “policy” even though what we wanted to present to customers was what we assumed they’d be concerned with: are my systems compliant with whatever other standard applies to my industry. I had wasted cycles trying to design around something that wasn’t a problem after all. It turned out what I had assumed was a technical challenge was easily overcome. I should have talked to engineering sooner.

Change in PM

Several months into the project a new PM was brought in to oversee the Compliance app. While he came from a security background, he had to get up to speed (and quickly!) on a product that’s somewhat simple on its face, but which hides a fair bit of complexity. His view was that what I was showing in my mockups was too complex for what he wanted, and that the focus on rules may be confusing to customers. I felt like the framework I had was pretty strong, at least in terms of the use cases that I had gleaned from our SMEs. I was resistant to changing it, but did in the end. We later got feedback that the rules would be really useful in some contexts and we were missing those views after the change, but we also learned that my initial concept wasn’t quite right either. Luckily that design work had already been done, so this wasn’t a big setback for the project.

Compliant versus non-compliant

Our subject matter experts expressed a very black-and-white view of compliance: either you’re compliant or you’re not. When we showed an early version of the application to customers, one of the first comments they made was that they would probably never be 100% compliant. They did not like the idea that their compliance would be “red” even though a less-than-100% compliance may be perfectly acceptable to them. We needed to give customers a way to be able to set their own thresholds for what constituted “compliant” in their organization.

Allow users to set threshold for compliance policies

What happened

I turned the work on Compliance over to another designer just before the conference in April. It turned out that the app did not make the cut for the big reveal of the new SaaS platform, but it is GA now. The project has continued to evolve and the new designer has put her spin on it, but the bones of the application that I designed are still there.
