Cybersecurity is rapidly growing as a sector, and as a result automation has become a game changer. I worked on a project that tackled our goals to scale the product to target our new users.
Problem Space
The problem of scaling in cybersecurity
Cybersecurity is indispensable for every digital enterprise. The challenge lies in expanding this crucial service, leading to the need for automating cybersecurity procedures. Nevertheless, not all businesses possess the means to maintain an internal security team, driving smaller companies to rely on managed security service providers (MSSPs) to address their cybersecurity requirements.
D3 aimed to shift their primary client focus from enterprises to MSSPs, targeting 150 new clients within 5 years. MSSPs manage multiple clients with varying service tiers, tech-stacks, and communication channels, making our current product inadequate for their needs.
Solution
A "lite" version of our platform
To accommodate a growing client base, I introduced a standalone login portal that MSSPs can customize for their clients. It seamlessly integrates with our existing product and presents information in a concise manner in order to empower clients. This cost-effective platform includes a new dashboard for tracking KPIs, incidents, and pending actions, meeting business needs while catering to our new target users' security requirements.
Users
Primary users (MSSPs)
Our primary target is MSSPs (managed security service providers), who use our platform to create security automation flows, monitor alerts, and share findings with their clients for further action.
Secondary users (MSSP's clients)
These are the MSSP's clients who may access our platform, review security information, and make important decisions. Each client must pay for their own software license.
This user is typically the IT individual in a company.
This user is typically the IT individual in a company.
Research & Discovery
Individual licences were too costly for the MSSP's clients
I collaborated with client-facing teams to conduct user interviews with three MSSPs. The feedback revealed emphasized focus on ROI and client security confidence, while challenges included high software licensing costs and diverse service requirements.
Challenges
The need for more autonomy
The MSSP needs to provide their clients with autonomy over their security posture. That means having actionable items for their clients and allowing some access to their own security incidents for review.
Greater autonomy means less additional communication steps between the MSSP and their clients, and helps the MSSPs offload responsibility back to their clients.
High cost of licenses
The current cost of an additional license provided to the MSSP's clients is much too high. This is also ineffective as the clients may only use about 20% of the platform, and therefore the cost isn't justified.
MSSPs want to see a version of this platform with only the required features, and user-forward features, that can come at a cheaper cost for their clients.
Power users vs. standard user
Not every single one of our users is a power user but our platform is currently designed for users with lots of custom needs.
A platform that is better designed for a standard user with more flexibility would be more suitable for the MSSP's clients.
Outcomes
Some food for thought
The success of this project greatly depended on aligning our designs with business motivations as well to ensure we designed for the right users as early as possible. It's also pivotal to take the initiative to work with other internal teams for internal alignment on the scope.