With 15 years of experience working on large and complex SaaS applications, Automox Director of User Experience Eric Starling appreciates all of the challenges that cybersecurity poses, particularly when building an application that services the need of all three major operating systems.
With an ever-growing number of tools and services out there for those who are looking to utilize exploits, the effects that a breach can have on any company, from mom-and-pop shops to even Fortune 500 corporations, are catastrophic.
In this week’s Get to Know the Automox Team blog post, Eric talks about his role as director of user experience, his feelings related to designing a user-centric cybersecurity product and why a “very smooth and clean” onboarding experience makes all of the difference in cybersecurity.
The Importance of Security
Programming software is hard in general, Eric says. Every release of any major piece of software that’s being used by millions of people is going to have some degree of vulnerability in it. While developers do the best they can to minimize those potentials for exploit, the level of interconnectivity in modern software is so high that it’s nearly impossible to block all of them.
Consequently, it’s keeping your systems up to date, and making sure that you’re making use of all of the available intelligence from the original development team that’s paramount to ensuring systems and software are being used in the safest manner possible.
“The impact that a breach can have, even on major corporations like Experian or Target, can take a massive corporation and cause them to go bankrupt, change their name, have assets sold off — some sort of reputational harm — and common sense is locking the door to your business when you leave at night.”
Whether he’s designing the user interface or reading, reviewing and soliciting customer feedback, every aspect of Eric’s role at Automox focuses on providing an “ironclad” way for users to utilize the Automox platform and ensuring that every user interaction passes through effective security measures.
“Modern security measures, including difficult passwords, using single sign-on, multifactor authentication, all of those are tools that can easily be set up in Automox within mere minutes.”
Simplicity Ensures Security
The most important thing an organization can do to ensure the security of its IT infrastructure going forward is to use tools that are simple. Eric says that companies can have one of the most high-tech, complicated tools for security out there, but “a tool is only as useful as it is used.”
Much like paths worn in parks by people cutting corners to get where they’re going faster, Eric says people will do the same when faced with burdensome security measures. People like the easiest paths and solutions to their daily struggles, IT managers included. A simple tool that’s as transparent to the user as possible is probably the best thing that you can do to ensure that everyone is using it, according to Eric.
“In order to have people adopt good security practices, you want to make that as easy as possible for them. You don’t want to give them any burdensome regulations or tasks that interfere with their day-to-day activities.”
Thus, Eric and the rest of the user experience team work to create an easy-to-use tool that’s transparent and, ideally, is one that can be automated so that users don’t have to think about time-consuming manual tasks as much.
State of Design in Security Solutions
IT managers, in general, are “very underserved” by the design of a lot of the security solutions out there for them, Eric says. Even major patch management or automated patching solutions that exist are not very user-friendly or are siloed very much in a single environment. While IT managers are a very well educated and experienced group of individuals, everyone is looking for a simple and direct answer to what the state of their endpoints are and what vulnerabilities they’re exposed to.
Unfortunately, a lot of IT security tools throw more information at the user than the user necessarily needs. Consequently, Eric and the Automox team strives to promote the most important and salient information on the state of systems to the user, and have additional information available if they want to dig into it.
“Our overall goal is to give you a one-glance look at your entire system, allowing you to investigate any abnormalities or vulnerabilities and get those resolved as quickly as possible.”
What does the future hold for cybersecurity tools? The enterprise software world is finally starting to wake up to the fact that UX is a major differentiator. Eric believes we’ll start seeing more advances toward the service design and customer experience as well. It’s things such as notifications that aren’t retroactive but are proactive, saying, “you have x number of devices that are most likely going to be patched in the coming days or weeks,” or being able to forecast around Patch Tuesday, for example.
“What it really boils down to, I think, is that data is going to drive a lot more of the service design and customer experience.”
User Experience = Vital
Any software tool that has a poor experience — security product or not — doesn’t get used. Eric believes that the user experience, in general, of SaaS apps needs to be as good if not better than that of desktop apps since you’re dealing with additional challenges of working on a web platform.
Whether that involves reducing the number of page screens that users have to interact with in order to complete a task or ensuring that they’re not overburdening user’s internet connections with excessive animations and visual noise, Eric and the UX team want the Automox platform to be clean and direct so that users can accomplish their task and get along with their day. Eric believes that some of the biggest challenges that a lot of IT software tools have is overloading the user interface with too much information.
“The best-in-class examples have a very smooth and clean onboarding experience. They let a user get in and find the value of the product as quickly as possible, and then they reinforce that value by making the task that accomplishes it very easy and repeatable.”
So, whether that’s accomplished through automation, a “slick” mobile interface or something of the like, the overall goal Eric wants a customer experience to have is ease of use, a very quick adoption and the ability to drive a high-value interaction with users so that they’re obtaining some value from it.
“Other cybersecurity tools sometimes have burdensome onboarding processes, where you have to set up an on-prem location, an on-prem service, which requires its own hardware and typically has a steep learning curve. We try to avoid that as much as possible by using a cloud-based solution and by having an onboarding process that can get completed within minutes so users can be patching devices within 3-4 minutes of signing up for a trial or purchasing the software.”
Consequently, Eric and his team minimize complexity by talking to real customers and finding out what their initial questions are when they see a device in a certain status, trying to provide answers to those questions right away. Eric wants to provide a lot of information but doesn’t want to overwhelm the end user, so he and his team employ a lot of high-saturation colors on a dark background to ensure that statuses are clear and “jump off page” easily. In addition to that, the Automox platform summarizes patch management in three easy-to-understand statuses: 1) up to date; 2) waiting for the next software window; and 3) needs attention.
“By focusing around three primary attributes, we can really show users the state of their system very quickly, just at a glance. When they dig in to look at an individual device, we can summarize exactly what status that device has, when it will be updated next if they leave it purely up to automation, and we can also provide them controls to remediate a device’s status right forefront and center… IT managers are extremely overworked in general, and we want to help them with their cybersecurity as much as possible, and then let them get on with the rest of their day.”
Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution visit www.automox.com/signup.