Putting the user experience at the center of mobile security

These days, the mobile security industry talks a lot about the need to “focus on the user experience.” As security professionals, we know that if your users can’t quickly and easily access the applications and data they need to do their jobs, then nothing else matters from a business perspective. At the same time, if users have to go around corporate security obstacles to get the content they need, that behavior could be putting your organization at risk.

Why should we care about the user experience so much? Because without user buy-in, the mobile enterprise security net falls apart — and it only takes one security lapse to result in a serious data breach.

Consider this: Every endpoint and user across your organization represents a potential vulnerability because the enterprise perimeter no longer exists and the edge is everywhere. So if a user is working on an untrusted device, app, or network — anywhere in the world — you need a way to bring those things into compliance to ensure that only trusted users can access enterprise data through secured devices, apps, networks, and clouds.

At MobileIron, we understand that protecting company resources is ultimately IT’s job — not the end user’s. Mobile employees shouldn’t have to wonder if a corporate email attachment is infected with malware or if the link sent from the CEO might drive to a malicious site. It’s our job as security experts to take that worry away from users so they can focus on staying productive wherever and however they work. Our goal is to make it as easy as possible for mobile workers to get the apps and content they need while keeping security robust yet virtually invisible. That’s why we put the user experience at the center of our design process.

So how do we enable that seamless and secure user experience in practice?

First we have to understand who exactly we mean by “the user.” At MobileIron, we design for two user audiences:

  1. Mobile employees: This may include users such as a sales rep or field worker using on a personally owned device, or a healthcare, retail, or frontline warehouse worker using a corporate-owned device. To get them on board with mobile security, we enable a highly intuitive user experience that goes beyond identity management. To encourage users to enroll their personal devices, we know that it’s also essential to educate users about what IT can and can’t see and manage on their devices. We make it clear that their privacy is our top priority.
  1. IT admins: These are the folks on the front line of mobile security. Not only are they responsible for keeping corporate resources safe, they also play a large role in deploying mobile security in a way that minimizes any impact on end-user productivity. Making their jobs easier leads to a successful end-user experience.

 

The MobileIron design strategy

Our design strategy focuses on helping IT support the mobile user experience without compromising security. That’s why we put the needs of both IT admins and end users at the heart of our design process. We understand that what IT cares about most may not matter at all to other enterprise users. For instance, IT wants to protect users from malicious apps, network threats, and more. Most other users simply want to access mobile resources without any hassles or delays. That’s why we provide innovative capabilities like zero sign-on (ZSO), which enables frictionless authentication and better security.

Delivering these capabilities requires a customer-centric mindset across the organization, which is why our UX team is focused on understanding what our customers need and want at a granular level. To ensure our products meet a fast-growing and varied customer base, we  conduct thorough UX research to inform every step of our design process, summarized in these five steps:

  1. Understand the problem. Our job at this stage is to understand the problem and how it affects both IT admins and end users to ensure the solution is both secure and easy to use. Sometimes there is a conflict between admin requirements and end-user needs, which is often one of the biggest design challenges.
  1. Research and brainstorm solutions. After identifying the problem, the UX designer and UX researcher start conducting research for the dashboard to better understand users’ needs and pain points. The UX team then begins brainstorming solutions with product management and engineering teams by leveraging research and similar designs from other products.
  1. Build and test wireframes. The UX designer documents the user flow through a series of wireframes. These wireframes are presented to the broader team to select for further testing.
  1. Test the prototypes. Test prototypes are selected to identify what works well so the team can narrow down the designs and move forward with one solution. We conduct usability tests with customers and end users to identify potential issues and make design recommendations to improve the prototype. In general, we follow an iterative design process to make sure the prototype is easy to use.
  1. Refine and finalize the solution. We tweak the solution with findings from the user study and produce a semi-high-fidelity prototype. Then the designers sync with the broader team again to validate and move the design forward. At this point engineering begins implementing the design. After the feature is launched, we continually gather more user data through tools such as Mixpanel or through research methods such as surveys and interviews.

In the world of mobile security, our work is never done. Our UX team continuously reviews how our solutions are performing — not just to meet the needs of end users and IT admins, but to also address the constantly shifting threat landscape.

To find out more about how MobileIron can provide a comprehensive UEM solution that fits your needs, contact a MobileIron sales representative here.

Brian Foster

Senior Vice President of Product Management

About the author

As SVP of Product Management, Brian is responsible for overseeing product direction and innovation. Brian brings more than 25 years of experience to his role. Prior to MobileIron, Brian founded a startup in the identity management space. Before that, he was SVP of information services at Neustar, the leader in identity resolution. At Neustar, Brian’s teams were responsible for solutions in marketing services, risk and fraud, registries, and security services. He also oversaw the product development and go-to-market operations. Prior to that, Brian was CTO at Damballa, a private company that discovered advanced threats running in enterprises and large internet service providers. As CTO, Brian was responsible for the advanced research, product strategy, and engineering operations.

Before Damballa, Brian was SVP of product management at McAfee. He oversaw McAfee's global product management functions and was responsible for over 80  enterprise and consumer products, generating more than $2B in revenue. Prior to joining McAfee, Brian was VP of product management at Symantec, where he oversaw product innovation for the enterprise endpoint. Brian has a BA in Economics from UCLA and completed the executive program in management from UCLA’s Anderson School of Management.