Key Protect

Design and research for a new key management service for IBM Cloud

Key Protect


My first act was to synthesize and organize existing research, creating a foundation to work from and decide initial research questions. This gathering also more clearly indicated the gaps in the team’s current knowledge of the service and landscape, prompting me to create new artifacts that borrow from other internal and external research and leverage sources of new information like Amplitude and Intercom. These research artifacts smoothed over understanding research up to now and to give future research a common, more rich starting point.

Developed a usability testing protocol and conducted with six participants matching my recruitment criteria. Testing included a think aloud walkthrough, my observational notes, post-test questionnaire, and SUS. I analyzed results, and then organized them as report with full documentation of methods.

Created evaluation and formative questionnaire surveys for users and subject matter experts. Surveys are initiated in Intercom automatically for returning users, asking them what they would change about the service. I developed a protocol to follow when recruiting from Intercom where, once a user responds to this auto message, I am alerted and able to personally thank them for their time and response, and then invite them to take the full questionnaire. During this time, I am able to directly engage with users and potential customers to gather other feedback and desires, as well as answer questions about the service. This provided both an active and passive channel for research activity.

Conducted interviews with internal and external key management domain experts, including engineers and a VP, providing a more qualitative look at the KMS space. These interviews qualified the use of a KMS versus a more simple key store and what use cases each have in development and system management. It also uncovered specific requirements necessary for their particular roles to use a KMS like Key Protect.

I maintained my research progress blog in a Github issue on the offering’s repo.


Made design decisions with UX design colleagues based on my research findings and analysis. Used these design updates in further testing, iterating, and looping back in continuous design work with the development team. We also worked on the information design and copy writing issues with our technical writer, especially where technical details were missing or misleading. I opened several issues on the design and development Github repositories to keep track and notify each person of these issues.


Built NodeJS application using KP API, helping me both empathize with users and to provide a public, open-source example for users’ reference: This was based on one devops programmer, a primary user group, in an interview saying that they appreciated something similar from Ansible Vault. Other research participants also indicated something to this effect was at least memorable if not helpful.


Worked directly with development and management team to ensure alignment and communicate updates and findings as soon as possible. Terry was particularly interested in my research methods and findings, and we frequently chatted in person and over the phone about what the results may indicate and how they can be interpreted into long-term and short-term decisions on the service.

Reported a security vulnerability in KP, whereas the API was not configured to use HSTS. I went through the public corporate channel to report it and also worked with the development team directly. We used this method to test the responsiveness of the public reporting system so that we could ensure that this service would be optimized for security. We discovered that it took a week from my submission to their reception, indicating that their communication routes needed updating. We expect this to reduce the turnaround time for future reports.

In January 2017, I participated in a one-day workshop and discussion with the full Key Protect team in presenting research findings and discussing how to proceed as a team and with the service.

In May 2017, as the development team was finishing a major technical refactor and architectural plan, I worked with Janelle Arita to define the user experience with key internal partners seeing to integrate Key Protect into their service workflows. In a two-day workshop, we co-created journey maps for each service and one overall journey map that the Key Protect team could use to guide their user experience thinking. After this, I also revalidated our personas by canvassing all our users and stakeholders.