Better Security Through UX, Part 1

How effective is a security tool if people don’t like using it?

A fancy floor mop sits in my closet. It’s a Swiffer WetJet, and with one look you can see that its designers prioritized good user experience (UX). The weight, shape, and built-in spray nozzle make cleaning the floor easy, convenient, and — dare I say — almost fun. Before I got it, I had a regular old mop, which was messy, inconvenient, and a hassle to use. My new mop leaves its closet at least 3 times a week; the old one was lucky if it saw the light of day once a month.

When the experience of using something is difficult, frustrating, or even just irritating, people will use it less  no matter how necessary it is. And often there’s way more at stake than just your kitchen floor. Is it possible that you are browser-testing your website less than you should because it’s annoying to boot up a virtual machine? Or is it possible that you’re subconsciously putting off doing your taxes due to the complexity of your personal finance software? “Little” speed bumps in the design of these products don’t seem so little when you consider the potential consequences.

And what about security? If you have a great security product whose interface is badly designed, what measures aren’t you taking, simply because interacting with the product is difficult or painful?

Threat Stack sits at the intersection of two worlds — cybersecurity and B2B software — both of which have a reputation (whether it’s deserved or not) for being complicated and user-unfriendly. Avoiding this characterization is a huge priority for us, because the ease-of-use of our software affects more than just our bottom line. It has a measurable impact on our core mission: to make our end users’ data and systems safer and more secure. The easier and more straightforward it is to use a solution like Threat Stack Cloud Security Platform, the more energy and commitment users will invest in using it to improve their organization’s  security.

How do we achieve this? Let’s look at one small example.

Onboarding Language in Threat Stack

Onboarding — taking brand-new users from zero knowledge to “OK, I can do this” — is a critical step for any product to get right. The experience you have when you first start to use a new tool sets the tone for your entire future relationship with it — and has a significant influence on whether you’ll come back a second time at all.

Threat Stack, like any software platform, has particular requirements when it comes to onboarding. Since we collect data from your unique cloud assets and platforms, the initial rollout is always (to some degree) a bespoke and detailed process. For this reason, our team supports our customers to understand their specific needs and to offer personalized training — so we never leave new users to fend for themselves. (For more about this experience, have a look at Customer Success Management.

In addition to this personal guidance, however, it’s essential for us to welcome those users — and set the right expectations — in the product itself. Threat Stack’s Get Started tab — home base for all new users — is where we introduce the key concepts that users need in order to get going. And since (depending on where the customer is in the setup process) we can’t necessarily show everything , we can at least tell.


We’ve carefully designed these 2 steps, with specific wording, to set our users at ease right from the start. If we’ve done a good job, we’ll create the following first impressions:

  • Security may be scary, but Threat Stack is friendly!
  • Oh good, initial setup only requires me to think about 2 things.
  • This seems easy; they’ve done a lot of the painstaking and annoying work for me.

And beyond the first glance, we also convey the following:

  • Threat Stack “gets” the technical side of this job, and they aren’t talking down to me.
  • I know what happens next, without needing to understand any jargon.
  • It will take a little time to fine-tune the system, but all the right basics are in place.

By designing an easy, comfortable entry point, we’ve set up new users for success, and the UX helps them understand why they should come back again. Of course, it’s up to the rest of our design and engineering choices, throughout the product, to deliver on that promise — always guiding our users toward staying secure. But that’s another story, for Part 2 of this series and beyond.

The more a user has a positive experience using Threat Stack — and the easier it is to use — the more time they’ll spend in the product; the more they’ll trust the product; and the better they’ll be at heeding its recommendations.

The lesson: Providing good UX and UI to our end users actually makes them — and keeps them — more secure.

For Part 2 of this series, see Better Security Through UX: Visual Design and Emotions.