WHY USER RISK MANAGEMENT?
The average cost of a data breach is $3.86M, according to a recent report by IBM Security. Remote work during COVID-19 is only expected to exacerbate the situation, increasing data breach costs, and incident response times.
To combat this threat organizations have to look across the attack surface for vulnerabilities. And now more than ever, IT teams are ramping up the adoption of unified endpoint management (UEM) solutions like IBM Security MaaS360 with Watson to secure their inventory of all devices and endpoints while ensuring that employees remain productive. Conventional UEM services address security and compliance through a device-centric approach, which limits an administrator's scope into risky user behaviour that exists within their organization.
With every user owning multiple devices a comprehensive risk view across all devices and users is required.
User Risk Management uses contextual information to detect risky conditions that compromise a security posture. It assesses risk based not only on the endpoint itself but also adds the more complex factors related to user behaviour and history across all of their devices. Users are evaluated for risk at regular intervals through a personalized Risk Model.
UEM is used to enforce restrictions, block or wipe risky devices. A risk score based on user behaviour allows the admin to apply granular controls over user entitlements. The model is customizable for each employee to accommodate the variability of what users need to stay productive and secure. The User Risk Management workflow consists of a Security Dashboard, Risky users dashboard, User Summary View, and Risk Rule Configurator (as seen in the below screen video). Administrators can view the risk in the organization with the Security Dashboard which includes an overview of the top risky users, risky devices, total risk incidents, and the average risk score across the organization. Administrators can drill-down to the Risky user dashboard and devices to get a comprehensive overview of the incidents committed by a single user with the user Summary View. With the Risk Rule Configurator, administrators can customize the risk model to identify the risk incidents according to their organization's needs. You can learn more about User Risk Management in a recent blog post.
In addition to the new User Risk management workflow, we have introduced a new design and UI framework. It's the first MaaS360 workflow designed from scratch using the Carbon Design System for IBM Security offerings.
WHY CARBON DESIGN SYSTEM?
Carbon puts the user first : Considering the variety of the MaaS360 customer base—e.g., geography, industry, company size, native language, skill sets-- we need to ensure that the product offers great UX for a wide group of users. Carbon is based on rigorous research into users’ needs and desires. It’s focused on real people and not just a generalized persona.
Fast and seamless creation using the React app: The recent release of Create React App 2.0 makes it easier than ever to get up and running with the Carbon Design System. With the addition of more styling options, like Sass and CSS Modules, we can bring all of Carbon into a project built with Create React App without ever having to exit.
Easy styling: Since we publish Carbon Components as a package on npm, we can use a service called UNPKG as a quick way to serve files distributed via the Carbon-Components package. One can view all the files in our package on UNPKG, making it easier to include Carbon’s CSS in any HTML page because you can use the <link> tag to include the whole stylesheet.
Auto-updates: Designers automatically get any updates made by the Carbon team so we don’t need to go back and change any designs to match the latest release. And while handing off designs to developers there won’t be confusion about the component and its behaviours.
1. Progressive disclosure - an easy learning process
a. Risky incident slide-over
- MaaS360 is an information-heavy product and analyzing pages full of content can cause information paralysis to the users. Carbon has a smart way of handling huge data through progressive disclosure.
- In the user Summary View, a click on any incident in each row opens a slide-over that gives more details like the incident description, status, severity, etc.
- This progressive discovery of event details allows users to converge on the required information at a time.
b. Risk Rule Configurator
- The accordion component delivers large amounts of content in a small space through progressive disclosure.
- In the Risk Rule Configurator, a list of accordions displays the rule groups/sets. The header title of the accordion gives a high-level overview of the rule allowing the user to decide which sections to read.
- The accordions have made information processing and discovery more effective.
Keeping detailed information in the expanded/ slide-over section saves user loading time by postponing some data queries until needed.
2. Breadcrumb navigations :
- We have used a traditional navigation bar in MaaS360. In the hierarchal scenarios, the back icon gets back to the parent workflow. But this process limits user understanding of the hierarchy among levels and navigate back through them.
- In the User Risk Management service, we have introduced path based breadcrumbs as a secondary navigation pattern. They enable the user to quickly move up to a parent level or previous step.
3. Batch filtering
- Till now MaaS360 had a single-selection filter where the user can pick only one attribute to modify data results. This process decreases the data-return speeds while performing frequent operations across the product.
- In the Risky users page, we have used the perceptible batch filter, contrasting the rest of the portal.
- The batch filter works best when the user is making several filtering selections across different categories that may take a longer time to mentally process.
- Batch filtering can prevent the user from having to wait for the data to load after every selection.
4. Interactive data-visualisations:
The Security Dashboard has interactive bar charts. End users can trim down the data visualization as per the requirements by selecting/deselecting the legend values.
We are constantly working on improving the experience of existing and upcoming new workflows in MaaS360 using Carbon for IBM Security. This is an ongoing initiative for the design team, so stay tuned for more new and simplified experiences in future.
Many thanks to my colleagues for their guidance and support in writing this blog: Deviprasad Shetty, Prasad Bala, Raveesh Kumar, Vandana Kukreja, Rajshree Deshmukh, and Patrick Ancipink.