David Weeks opened by defining UX, quoting the Neilson Norman Group, saying, “User experience encompasses all aspects of the end-user's interaction with the company, its services, and its products.”
David then went on to explain that as devices and localized services move to the cloud, providers are being required to take on more services based in Software as a Service (SaaS). Consequently, SaaS-based service management is growing, and service providers must adapt their offerings to suit.
“Mobile device usage and additional devices are increasing the connectivity of users to multiple applications, which means as organizations expand or move globally, centralized services are no longer practical to support this continued growth,” he said.
As a result, in this increasingly decentralized environment, data security and recovery play an increasingly important role in maintaining and improving UX—in terms of securing business and customer data from loss or attack, and rapid recovery of critical data and systems to minimize downtime and disruption, should an incident arise. Through a mix of network management and UX monitoring, David pointed out it’s also possible to improve not just security, but also user productivity and business efficiency.
David explained security has a direct impact across UX, from application performance, technology interaction, and usability to user perception and productivity, which makes close monitoring vital.
“First, understand how a user perceives and interacts with the technology and/or applications,” he said. “From here, you can start to build out monitoring and metrics to track key areas.”
Examples given included:
David underlined the importance of instigating monitoring and managing externally before an issue occurs internally, then using this intelligence to formulate further action plans relating to the core metrics of UX monitoring, which he defined as:
Delving into the life cycle of the security UX, David divided the actions needed into three time frames: before, during, and after an incident. In an ideal scenario, before an issue arises, internally backups would be configured, AV installed, and email and other areas prone to attack addressed. On the user side, two-factor authentication would be executed, any necessary physical access restrictions put in place, and thorough security training given. Meanwhile, appropriate permissions would limit access, while sensitive data would be encrypted and stored in multiple locations.
If an incident was to occur, AV would mitigate or sandbox the threat, while preconfigured RMM would alert relevant staff. The user permissions in place would limit access to corporate resources, and lockdown procedures would be instigated. David emphasized the importance of the service provider taking the lead to ensure any action plan is quickly put in place and users are trained on the strategy.
Once the threat has passed, restoring data from backup and taking an inventory of the loaner hardware would minimize staff downtime, getting productivity and revenue streams back on track as quickly as possible.
David outlined the criteria determining the formulation of a security action plan. In terms of the user, it’s vital to understand expectations and whether they are changing, along with how user productivity could be improved, and the cost to get users back online. From a data perspective, it’s important to define how data is managed and whether this matches business expectations, along with the real cost to the business of data being lost or stolen.
Meanwhile, David stressed the need to monitor what data is coming in and going out of the business, and how users are interacting with it internally, along with the quality of the data and potential threats. He also recommended carrying out an ongoing investigation of users and their interactions, while ensuring threats can be neutralized and counteracted with the necessary recovery strategy in place.
With the right plan and processes in terms of network management and user monitoring, threats or data loss can be dealt with quickly and effectively, minimizing disruption and importantly optimizing UX before, during, and after any incident.
David Weeks is senior global channel sales manager at SolarWinds MSP
© 2018 SolarWinds MSP UK Ltd. All rights reserved.
The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates. All other trademarks are the property of their respective owners.