Cybersecurity Admin Controls
Product: HYPR is an authentication and identity verification SaaS product used by large enterprises to secure logins and identities
Platform: Web
Design Task: Create a suite of controls to allow IT admins to customize their authentication settings
Results: HYPR won over $2 million in contract value based on the full suite of real-time security checks based on login limits, IP address, and user location
Learning point: It is important to get a V1 out the door, but it is beneficial to have a north star vision of the product in mind
The Problem
Every organization has specific needs for their security posture so we must allow for custom settings to attract more customers and keep their business and users safe. HYPR does not currently support real-time risk assessment and adaptive security controls.
Our main users are IT security admins at large enterprises (banks, insurance companies, etc.).
We must create a suite of controls for admins to customize their authentication settings.
The Process
The process for the project is 3 steps - research, ideate, then design.
The first step is research. Since this is a 0-1 product, we don’t need to understand the current process because there isn’t one. We need to find out what would make this a VALUABLE feature for our users. From there, we can prioritize features, and then design them.
So how do we understand where to create value? Let’s talk to some customers!
This is a 0-1 project so we need to gather information with a design kickoff workshop and customer interviews. We can find out 2 things in these sessions.
What do customers want/need for their security admin settings?
What can HYPR, as industry experts, offer as security controls that customers might not think of?
Now that we have feature ideas for what will make up our admin suite of tools, we need to prioritize. To do this, we will weigh the effort vs. impact to see what features would be best to build and in what order. Again, we leverage customers and internal stakeholders to gain this information to plot this graph.
Awesome! With the effort vs impact understood, we can build a phased approach to how the product will be built. We cannot build everything in V1 but it is valuable to understand how the product will be built. This is the vision for how the product will be designed and built.
The Solution
Now we know where we can create value for our users, so we can design the solution! The following screens will show the V1 version as well as how the product evolved to include IP address checks, location checks, and a summary page.
Login limits allow the user to set a lockout when certain login thresholds are met, such as logging in too many times in a specified window.
This is our IP address checks page - the user can set the order in which the checks are made, create new checks, and tell the system what to do if the IP address can’t be determined.
This is the page for a user to create a new IP address check. They can select whether the user IS or IS NOT on a certain IP address. We also allow for different formats of IP address. From there, they select what action the system should take when this rule is flagged.
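A sketch of how the ordered IP address checks described above could be evaluated, added here as an illustration and not HYPR's own code. The action labels ("allow", "deny", "step_up"), the first-flagged-rule-decides behavior, the default action, and all rule names and field names are assumptions; the sample rules use constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IpCheck:
    name: str     # hypothetical rule name
    spec: str     # single address, CIDR block, or "start-end" range
    negate: bool  # False = user IS on spec, True = user IS NOT on spec
    action: str   # assumed action label taken when the rule is flagged

def _in_spec(addr, spec):
    """True if addr falls inside spec (single IP, CIDR, or start-end range)."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return addr.version == lo.version and lo <= addr <= hi
    net = ipaddress.ip_network(spec, strict=False)
    return addr.version == net.version and addr in net

def evaluate(checks, client_ip, undetermined_action="deny", default_action="allow"):
    """Run checks in the admin-defined order; the first rule that flags decides."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except (ValueError, TypeError):
        # The admin-selected fallback for "IP address can't be determined".
        return undetermined_action, "ip-undetermined"
    for check in checks:
        if _in_spec(addr, check.spec) != check.negate:
            return check.action, check.name
    return default_action, "no-rule-flagged"

# Constructed sample policy (RFC 5737 documentation ranges and RFC 1918 space).
RULES = [
    IpCheck("deny-listed-range", "203.0.113.10-203.0.113.20", False, "deny"),
    IpCheck("step-up-off-corp", "10.0.0.0/8", True, "step_up"),
]

if __name__ == "__main__":
    for ip in ("203.0.113.15", "10.1.2.3", "198.51.100.7", None):
        print(ip, evaluate(RULES, ip))
```

Reversing the rule order changes the outcome for 203.0.113.15, which is why the page lets admins set the order in which checks are made.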
This is our location checks page - the user can set the order in which the checks are made, create new checks, and tell the system what to do if the location can’t be determined.
This is the page for a user to create a new location check. They can select whether the user IS or IS NOT in a certain country. We also allow for multiple countries. From there, they select what action the system should take when this rule is flagged.
This is the summary page where users can determine what order the rules should be checked in. Users can also select which applications will abide by this security policy. Lastly, they can also set what the system should do if the security checks are unavailable.
The Results
The V1 of login limits was a great success and was adopted by dozens of customers. It was delivered in one sprint and the rest of the real-time checks were added to the roadmap.
HYPR was able to use the prototypes of the future phases to show customers and win deals. This resulted in over $2 million of contract value for the company! This is now a huge selling point for the company!
This is a massive win for our customers - they can now keep their business and their users safe when logging in.