This project focused on elevating the platform's Policy Layer by automating and standardizing Access Governance at scale. Our objective was to transform high-risk, complex policy enforcement and remediation processes into a Confident Decision Support System that enabled administrators to make safe, policy-driven decisions while maintaining full control.
Project Duration: 2 Months
Impact: Achieved a 25% reduction in the access review cycle. This minimized compliance vulnerability and accelerated the platform's ability to maintain System Resilience.
The security platform required reviewers to make high-stakes governance decisions without the necessary tools, leading to three critical points of uncertainty:
Decision Paralysis: Reviewers lacked essential context, causing delays that impacted compliance deadlines.
Uncontrolled Failure: A lack of a clear recovery path forced costly, manual incident resolution.
Critical Reliability Gap: Lack of "shift-left validation" eroded user trust in system predictability.
I conducted targeted qualitative and quantitative research to move beyond surface-level complaints and identify the root causes of uncertainty. The goal was to quantify the operational risk and define the core user pain points.
The core issue is that reviewers are required to make high-stakes governance decisions without sufficient context, outcome predictability, or early validation. This failure led directly to Decision Paralysis and uncontrolled failures, jeopardizing compliance and operational stability.
I defined Approval and Remediation as coherent decision workflows, fundamentally solving the challenge of fragmented, non-end-to-end experiences. The design kept admins in context, surfaced operational impact upfront, and eliminated unnecessary navigation.
The initial design was built on a set of assumptions about how admins would reason about governance workflows. However, early walkthroughs and system reviews revealed that these assumptions did not match how decisions were actually made, prompting us to re-examine how governance decisions should be made.
The design rework applied the governance principles directly to the approval and remediation experience.
Keep Admins in Context: Admins should make decisions without leaving the current flow.
Make Impact Obvious: Show the downstream impact of each action before the user commits.
Guide Decisions with Policy & Risk: Use policy rules and risk signals to guide consistent, confident decisions.
Iterations were guided by how well each design supported context, impact clarity, and risk-aware decision making.
I managed the strategic tensions across clarity, visibility, and safety, balancing what we gained with what we had to accept, so every choice supported Confident Decisioning and Guaranteed Recovery.
I delivered the final design across the entire governance flow, including:
Integrated Access Review Screen: A unified review surface combining risk scores, peer group access, and policy violations into a single contextual decision view.
Guaranteed Remediation Page: A dedicated recovery view for failed actions with in-line Undo and Retry to ensure controlled system resolution.
I delivered faster decisions, safer approvals, and significant compliance cost reductions across the governance flow.
I suggest designing an AI Security Copilot: a future side panel that analyzes risk patterns in real time and provides precise context for smarter, safer decisions.
The Copilot's primary role is to move beyond real-time risk analysis to proactive system optimization: identifying policy blind spots and suggesting optimized remediation policy templates, automating the process of governing complex rules.
















