Product Design

IP Tag Collection

Date
Feb 2025
Client
Palo Alto Networks
Role
Palo Alto Networks
Timeline
UX Designer
Automating security policy enforcement in dynamic cloud environments is hindered by Cloud Identity Engine's (CIE) manual requirements for new firewalls to receive tags and for onboarding new IP-Tag sources. This necessitates customers repeatedly inputting credentials already used for App Discovery, creating significant friction in achieving elastic, tag-based security.
#research #design #collaboration #internaltool

The Challenge

Strata Cloud Manager is an unified management and operations for the entire network security deployment. With Strata Cloud Manager customers can easily manage their entire Palo Alto Networks Network Security infrastructure – NGFWs and SASE environment – from a single, streamlined user interface. Gain comprehensive visibility into users, branch sites, applications, and threats across all network security enforcement points. I am working some features for configuration section in SCM

Redesign IP Tag Collection Page in Strata Cloud Manager

The Cloud Identity Engine provides both user identification and user authentication for a centralized cloud-based solution in on-premise, cloud-based, or hybrid network environments. The Cloud Identity Engine allows you to write security policy based on users and groups, not IP addresses, and helps secure your assets by enforcing behavior-based security actions. I am the sole designer leading the end to end design for this product

Existing IP Tag Collection Page in Cloud Identity Engine


At present, users need to access the CIE app from the SCM for all user authentication and identification configurations, similar to other products offered by Palo Alto Networks. Since our company's strategy has shifted to develop the Strata Cloud Manager platform, we are beginning to integrate CIE into SCM.

My Role:

I am the sole design leading the end to end design for the majority part of this project (The visual, interaction design and research). I collaborated with other designers on the navigation discussion. as she is leading the entire SCM navigation design

Teams:

I collaborated with cross functional teams including Sales, Product Managers, Software Engineers, QA and Technical Documentation team.

Timeline:

This project took over 6 months indicating the depth and complexity of the work involved.

Discovering the Core Problem

According to the product requirement document, we have identified three major problems:

  • Manual Onboarding for Dynamic Systems: Users are frustrated because they have to manually intervene every time a new firewall auto-scales. Their automated, dynamic cloud environment is constantly being disrupted by a manual and time-consuming task to get security policies applied.
  • Onboarding Is a One-Time Event: Users cannot easily add new IP-Tag sources (like a new cloud provider or region) after their firewalls are deployed. They feel locked into their initial setup and have to go through a complicated, "Day N" process to expand their security coverage.
  • Repetitive and Redundant Work: Users are annoyed by having to enter the same credentials multiple times for different purposes (e.g., for App Discovery and then again for IP-Tagging). This makes the process feel inefficient, untrustworthy, and prone to error.

Delving deeper into these issues

Rather than merely replicating the existing pattern onto the new platform (Strata Cloud Manager), I took the initiative to delve deeper into the underlying issues, identifying areas for improvement and innovation.

I conducted the usability test with 3 sales engineers and identified additional issues we can potentially improved:

  • Confusing Terminology
  • Complicated workflow (Task completion rate 33.3%. Only ONE participant completed the task without instruction)

Chanllenges

Let's discuss the challenges I faced in thist projects.

  • Collaborations: Driving alignment across complex stakeholder groups
  • Timeline: Review and get approval for the Initial Design within 5 weeks
  • Technical Constraints: Keeping the existing design pattern as much as possible

Goals for this project

Streamline the IP-Tagging workflow to provide a single, unified view for all users, thereby reducing the time and effort required to manage security policies.

Business Impact:

This project was critical for platform expansion, directly enabling two major enterprise deals worth $10 million.

One of the Starting Points for Tag Distribution in Strata Cloud Manager

Crafting a Solution

I will discuss solutions aimed at addressing key problems in our workflows.

  • Simplify Tag Distribution workflow, particularly focusing on the issues we found during the usability tests
  • Unify the cloud account onboarding workflow by creating a centralized location to store all data. Other products that require cloud account onboarding can share this data with each other. This is addtional opportunity I found to better improve our product. it became a UX driven project
Unified Cloud Account Onboarding

These changes are designed to enhance user experience and reduce complexity in our systems.

To simplify the tag distribution workflow in Strata Cloud Manager, I need to solve it in two parts

First, simplify the navigation to enhance discoverability.

Optimized IP Tag Collection Location in Strata Cloud Manager

As I mention in the beginning, we were planning to move the entire User Context section to SCM in Phase 1 and move other section in future. With scalability in mind, The immediate ideas I had were two options

  • Use the CIE product name as the main menu on the left side, and maintain the same sub-menu structure as in CIE. The advantage of this option is that it balances the complexity for both the left and right sides. The disadvantage is that it increases the size of the left navigation.
Navigation Exploration 1
  • Use the CIE product name as the single menu on the left side, and keep others as horizontal tabs on the right side . The advantage of this option is its simple navigation, while the disadvantage is that the right side is overly complicated.
Navigation Exploration 2


However, no matter choosing which option, the ip tag collection feature was hidden so deep. I collaborated with the other design who is responsible for the left nav  to explored other opportunities using job to be done framework.

We questioned the necessity of maintaining the product name and structure, considering a platform perspective instead.

Brainstorming and Explorations

Through quick tree testing with 8 internal users, we found this approach simpler and more effective, with all participants locating the feature in about 15 seconds, compared to only 2 out of 8 in the previous setup, which took 58 seconds. After presenting this to key stakeholders, including three directors, we secured their support by focusing on user goals rather than product features or demographics. This strategy aligns with our business direction and customer needs, though similar discussions may be needed for future integrations.

Final Version

Second, streamline the configuration to increase the task completion rate. Simply click the “Distribute” link to start the distribution. with this change, 100% completion rate was achieved.

Redesigned Tag Distribution Workflow (Prototype)

Design with System Thinking

To solve the repetitive and redundant work, users have to deal with the cloud account onboarding. I proposed and designed the service to unify the cloud account onboarding.

Onboard Cloud Account for All Services in one place

The Impact & Key Learnings

Impact

  • 10M: This foundational work directly contributed to securing a $10M dea
  • 28M: Establishing a strong product offering that has already generated an additional $28M in the sales pipeline.
  • 5: Providing a unified and scalable user experience that spanned five different services

Key Learnings

  • Proactive Communication is Crucial: Don't wait for issues to arise. A well-defined communication strategy that includes regular updates, progress reports, and milestone notifications ensures transparency and builds trust across teams.
  • Strategic Prioritization is Non-Negotiable: When time is limited, you must focus on the most impactful work. Prioritize feature enhancements based on customer feedback and data analysis, and be willing to advocate for changes in feature priority based on business context and roadmaps
  • Foster a Shared Vision: Actively engaging in cross-functional discussions and facilitating workshops can promote a shared understanding of project goals and objectives. This creates a collaborative environment where teams feel a shared sense of ownership.

No items found.
Another One...

See Other

Projects