Policy Rule Builder Redesign



1. Redesign the UI to align with the current product.

2. Clarify the default state for the user and user group.


3. Simplify the user flow of creating a rule.

   - How to specify a rule and rule group?

   - How to combine exceptions? 

   - How to increase readability?


   - How to create a seamless experience?

Previous Iterations 


Before I worked on this, work had previously been done over the past two years, although it had never been implemented.

I dived deep into the pattern of the written rule, did several paper testing sessions with users, and then developed two options:

The first one was to write rules as a paragraph using natural language.

Pro: user can see everything on one page

Con: Some of the features don't align with the back-end engine (for instance, exception rules). So then I developed the second one using a wizard.

One-Page Modal

Step-by-step Wizard

Threshold Tuning



My Iterations 


1. Redesign the UI to align with the current product.

2. Users should be able to do more detailed adjusting based on different risks.

3. Provide a clear visual indication of the threshold concept.

4. Explain the complex model of the fluid threshold.

   - How to show the constantly changing number of anomalies?

   - How to show different amounts of anomalies without causing confusion?

   - What's the best visualization?


   - How can the user estimate the adjustment they did?

Final Design

CASB Connect


Integrate our new feature, CASB Connect, into our product.


1. Users didn't read the promo info

2. Different use-cases for different roles, which broke the user flow.

3. How to really show the value to the customer?


After understanding the ripple effect on the different tabs, I designed 4 user flows based on user roles and created different entry points for them to realize the value for CASB Connect.

Scenario 1 Business Request

“Purchasing at the company wants to use SAP Ariba to improve the purchasing process. Presented the idea to VP of finance. Finance says great idea, I’ll fund it. Tossed to security,"

User Flow 

Business request > compliance team > search > service details > see recommendations > request API support > governance decision (generates support ticket to CASB Connect team)

Scenario 2 Compare services

“IT paid for Office 365 and has OneDrive. They think that’s sufficient. But other departments say it’s not, they want DropBox, Box. They go to compare services.”

User Flow 

IT initiative > compliance team > registry > filter by category > compare services > see supported use cases > make decision

Scenario 3 Value for Compliance Team

“Compliance team was monitoring the unassigned services and they saw the increasing usage of Lucidchart. They looked at the side panel to see what’s going on.”

User Flow 

Compliance/risk user > my dashboard > services (unassigned services) > Lucidchart side panel > see recommendations

Scenario 4 Admin Enable

“Sanctioned service is supported for Box, the user enables the service and admin gets the notification to set up.”

User Flow 

Service detail page > add sanctioned service for Box > administrator > add services > set up


Side Panel Redesign


1. Suppress duplicated incidents.

2. Combine incident detail in the side panel.

Redesign goal:

1. Create clear info hierarchy with a high-level summary

2. Show clear high severity matches/collaborators.

3. Make the incident history readable.

4. Design for different scenarios/incidents



© 2015 - 2020  Xin Tu's  Design Work