Juniper needed a shot in the arm for its declining security business, so the focus was on improving all the security products across the board. I dove deep into the core of the security domain and focussed on re-designing the policy management experience to make it much simpler and more efficient.
Along with a new college graduate, I was able to re-imagine the firewall policy creation and management experience into a much simpler, more intuitive and automated experience that improved productivity and instilled confidence in the security administrators.
How it all began
The project started as a self-initiated innovation project whose goal was to re-imagine the firewall policy and rule management experience. We chose this because it was at the core of security management and would have the largest impact for the users, and because we knew there was scope to improve in this area.
At the same time, the work on the SDSN (software defined secure network) cloud platform was gaining momentum, and for that we needed a simpler and more compelling security solution.
The lay of the land
There was some previous research focussing on the tactical problems. Instead of jumping right into solving the UI problem, I decided to explore and frame the larger problem at a strategic level and then focus on how to tackle it.
I dug deeper into the domain and technology, took a look at the competitors, watched a ton of security-related videos, read a lot of data sheets, collaborated with PLMs and spoke to customers (personas).
In this process, I discovered that the networking industry was moving towards the intent model, which broadly means that the user can express what they need from a network (the intent) and the system translates that into networks and topologies (connectivity) optimized for that need. The Security PLM org was seriously exploring this area and my timing could not have been better. I joined forces with them and explored the possibility of creating intent-based security models that could be leveraged across the suite of products that had a security element. Adding the security in the SDSN.
Creation and management of security posture
Time to react / changing the security posture in case of a possible threat
Simplified security management for SDSN platform
Intent based security policies
Dynamic security posture
Discovery, Research and Competitive analysis
Reframing the problem: Knowing the wall ahead
After the rigorous discovery and analysis phase, which included numerous white-boarding sessions, brainstorming sessions, affinity maps and a lot of conversations, we were able to see the wall ahead of us, and it was big. Some key challenges were:
Tactical shortcomings in the rule creation workflow:
Current technology that needed a paradigm shift:
Barriers for user adoption:
➜ Intent-based constructs in the security domain are a new paradigm. We have to instill enough confidence in the users for them to “trust” the system.
wireframe solution options
The solution trek
Once the problems were framed, the exciting journey to find solutions started. During the discovery phases lots of ideas were being discussed, and it was now the right time to crystallize them and get them implemented. Simplifying the rule creation process and adding faster search and editing capabilities were definitely the low-hanging fruit, but I wanted to solve the problem at a fundamental, conceptual level. The features suggested were implemented in two different products.
To address the challenges identified above, the big strategic pieces of the solution were:
Simplification of workflows
Removing the multi-tier model
Introducing auto-rule analysis
➜ Collapsing redundant steps
➜ Shifting load to the system
➜ Introducing quick search based model
Image showing integrating all end-points into single rule
User centric paradigms
Created a layer of user and business centric concepts that hid the underlying device-centric complexities and dependencies.
Automated assignment and deployment of rules to the right device
User defined and controlled variables for dynamic policies
➜ Dynamic rules based on end-point metadata and tags.
Screen showing user defined variables, values and assigned rules
Automating - taking the load off the user
➜ Auto suggestions for the object type and the object
➜ Dynamic assignment of new or changed objects to policies
➜ Auto assignment of policies to the appropriate devices
➜ Auto placement of the rule and its priority, so the user does not have to worry about the right sequence of the rule
➜ Change in the environment variable updates the appropriate policies automatically.
Screen showing analysis and automated rule placement
Building trust in the system
➜ Real-time rule analysis showing conflicts, anomalies and shadowed rules
➜ Display the impact of the rule across the network
➜ Options to review all the changes before deployment
➜ Ability to review the translated device-centric rules before deployment
➜ CLI views to see the change in the language the user is familiar with
➜ Options to retract any change