Anu Jayasinghe (UX)  |  Jared Crane (UX)  |  Lindsay Roberts (FED)  |  Mallory Frye (UI)   |  Patrick Lowden (UI)  |  Stefanie Owens (Research)


A web application to facilitate security patch planning and installation on IBM Power Systems servers for enterprise-level customers; through our proof-of-concept in the incubation phase, IBM created an entire design team around the idea.  




7 weeks

This is the best story of design at IBM in the last three years… The team came to them saying they need one-click firmware updates for Power Systems… By doing field research, they found out that this was a human problem, not a system problem. Not only did research inform what they built, but what they built was beautiful itself as well.
— Phil Gilbert, General Manager of Design at IBM

Project Objective

Project Monocle started as an incubator project conducted during Design Bootcamp for New Hires in Fall 2015 at IBM Design.  Through the success of the 7-week incubator, IBM Power Systems then created a full-time product design team around the concept, enabling 5 designers to continue working on the concept for an additional fourteen months.  The work detailed below highlights only what was created during incubation. 

The incubator program pairs teams of early- to mid-career designers with highly strategic business initiatives from throughout IBM for intensive projects designed to foster innovation and disruption.

The Monocle team was tasked to explore the field of updates and upgrades that are mission critical to keeping all of IBM Power Systems server products secure.  Think: these servers are those that run major data centers around the world that are the backbones of credit card companies, major retailers, and even governments in some instances.  The sponsoring product team originally came to us asking for a "one-click update" for all Power Systems.  Through user research, we discovered that a one-click update was actually not the right way to go. 

According to a 2016 study by the Ponemon Institute, the average cost of a data breach is about four million dollars.
— 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute

We used the technique above called empathy mapping to think through what our target users would think/feel/say/do on a day-to-day basis in their roles as system administrators responsible for patching and updating Power Systems.  We used this as a generative technique to formulate our research questions, and met with our research participants on a weekly basis during the project to interview them and conduct usability tests of our prototypes.  We chose one-on-one interviews due to their wealth of qualitative in-depth data and relatively quick prep time since we were working on such a short timeframe. 

Through empathy maps and discovery interviews, we discovered three primary personas involved in the process of security patching in an enterprise environment, and mapped out their current state in order to articulate their biggest pain points. 

Persona Key for User Journey:  Gray Circle = IT Security Lead | Teal Circle = IT Manager | Yellow Circle = System Administrator (or, the everyday hero)

Persona Key for User Journey: Gray Circle = IT Security Lead | Teal Circle = IT Manager | Yellow Circle = System Administrator (or, the everyday hero)

We found that the current process of updating servers is rigorous and time intensive.  It causes headaches for enterprises to not only find the appropriate fixes their servers need, but then it's even worse to actually schedule downtime on the servers to fix the issues and report those repairs for security compliance purposes.  It's next to impossible to automate this process; in fact, automating it could even make matters worse!  Even after that process is completed, an enterprise still has to report on its security patching in order to maintain compliance with industry regulations.  As one of our Sponsor Users identified during an interview, planning and managing security patches and updates is not only a pain to perform, but also to report on:

I spend 25% of my time during the first half of the year prepping for our audit in July. That may not sound like much, but multiply that by 50 hours a week, at a manager pay rate, with all the weeks required, and that is a lot of time.
— IBM Power Systems Customer (Monocle Sponsor User)

Not only does the security patching process take a lot of effort, but it is vitally important to the safety and security of the enterprise data; one mistake here could take an entire organization down.  With this understanding in mind, all of our team sketched out wireframes, iterating each week by learning from our users via one-on-one interviews and usability tests via Invision. 

You guys have done such a great job of listening; we talk and you listen and next week new things are there and every time it’s gotten better. It’s been very encouraging to use my time efficiently because it’s turning out to be a product in the long run that is going to make a big difference for us and for other customers... When will the beta be ready?
— IBM Power Systems Customer (Monocle Sponsor User)

Project Outcomes

The Monocle Incubator team was selected as the only team to present their work to Phil Gilbert, General Manager of IBM Design, at the end of the Incubator program in 2015.  As of fall 2016, the Monocle project has been released into a public beta, and is currently being tested by various system administrators. 

Watch Doug Powell, an IBM Design Principal, use the story of Project Monocle as an example of how design is driving outcomes at IBM at the O'Reilly Design Conference in 2017. 

Please contact me if you'd like more of a peek at the UX design materials created throughout our design process, as well as the current Monocle beta application, and I can schedule a one-on-one presentation.