Outi has been providing user experience and service design for B2B, public sector and customer market services since the beginning of this millennium. She has designed usability and brought the user-centric approach to the development of online services and mobile apps as well as other digital platforms and digital tools, using different kinds of design thinking methods and prototyping tools. She has experience in doing design as part of the agile software development processes (SCRUM, SAFe, Kanban, Lean). Outi aims to incorporate all the different stakeholder views and needs into the design, starting from strategic business design to the end-user needs and context of use. She is interested in the possibilities of new technologies in aiding the best possible service experience. Her special interest areas cover organisation design, design for complex systems and ecosystems and data-driven design.
Niall is a secure design best practices advocate, coach and promoter. His experience includes seeding the secure design mindset and best practices for private sector Internet of Things web applications and facilitating threat analysis workshops for public sector web application projects. Niall is also passionate about helping organisations to evolve their overall security maturity.
In the first part of the blog series, we described the challenge of combining service design and secure design with agile methods. In this blog post, we will describe a process model for tackling this issue. This model combines the envisioning phase with the agile development phase and ensures that secure design and service design are deployed with the development.
Start with the problem, not with the solution!
At Gofore, we use the service design approach to understand the service or products core purpose. An example of a core purpose can be, for example, Instagram stating that their product is meant to “Capture and Share the World’s Moments”.
The objective of service design is to design a holistic, user-friendly service experience by answering the needs of customers and the competencies and capabilities of service providers. By using design thinking methods and tools it defines the optimal customer experience for the service to be designed. Service design aims to make the service creating actions visible to all parties involved and find empathy and understanding of the users of the service.
The objective of secure design is to ensure that the security and privacy aspects of the service or product delivered, and the associated user experience, have been investigated together with the business and stakeholders from the inception of the project. The challenge is how to ensure secure design, like service design, gets built in?
Utilising a design-thinking mindset, we conceive the core purpose with a “Double Diamond” method. This diamond model of creativity combines divergent thinking and convergent thinking phases to discover as many ideas as possible, and then distil them down to the best solution. Using the Double Diamond, this process is repeated, once to confirm the problem setting (to find out “Why” we’re doing something), and once to ideate the solution (to find out “What” we’re doing). The user environment, user tasks and associated user behaviours are explored, elucidated, visualised and synced with the service provider’s business and strategic goals. This is done using various service design processes and tools, for example by applying participatory user- and stakeholder-oriented design methods from the very inception of the project.
Service design yields the design drivers for the service to be implemented. At the same time, the security- and privacy-relevance of these design drivers should be scrutinised; for example, what is contained within the user data? Does the service ingest personal data? What data regulation must be complied with? What are the business and user assets requiring protection, and how? Thus, service design and secure design should be done simultaneously.
Continuing with service design envisioning, the user epics are ideated, and corresponding requirements are extrapolated. Concurrently, the security and privacy aspects of epics should be identified and documented. When the corresponding service features are concepted and their stories are derived, the corresponding security and privacy user stories should be derived and linked. For example, if the concept is a web application, then the web application’s feature stories should be linked to the associated security and privacy stories where relevant.
Why should you envision first?
By finding the core purpose of the service to be designed, the envisioning phase delivers not only the customer value being aimed for but also the guidance for prioritising the backlog and validating the design (metrics and test cases). It also acts as a valuable resource for defining the service roadmap and business strategy by answering the question: what user features are most important to implement first?
As mentioned earlier, service design and secure design are mutually beneficial and complementary activities. Requirements arising out of service design are likely to have associated secure design and privacy requirements that can be further deduced by assessing the threats and risks to the design. By ensuring that both service and secure design perspectives are purposefully envisioned, a more user-centric and a more robust foundation will be ideated and architectured into the implementation phase of the project. This mitigates the risk of service design and secure design deficiencies that cause further expense, wasted effort and rework arising during the production phase. Notably, this complementary design characteristic also fosters the sharing of design, security and privacy awareness across these historically siloed disciplines.
From envisioning to production
When the backlog of service concept epics, feature stories and linked corresponding security and privacy stories are considered primed for agile implementation, then the initial sprint grooming and planning can commence.
How to ensure continuous design in agile processes?
To ensure a complementary user-centred and security- and privacy-oriented approach throughout the development phase we require both the secure design and service design advocates to participate throughout the implementation. We also require team members and a product owner who understand the benefits of building service design and secure design into the implementation. This is crucial because there is a natural tendency for developers to focus on visible deliverable features; after all, that’s what the customers and business stakeholders want to see; visible signs of progress.
For these reasons, a continuous service and secure design concepting flow should run alongside the actual sprint process ensuring their aligned iteration according to the agile iteration model whereby you plan, develop, evaluate and iterate the design continuously based on user studies and usability testing.
Figure 2. Development
As depicted in Figure 2, the service design and secure design activities continue throughout the development phase to keep the process agile and iterative. The deliverables from the concepting and prototyping work are continuously designed just one or two sprints ahead of implementation. The implemented design is then, in turn, evaluated by usability testing and acceptance testing according to the metrics established in the envisioning phase. If according to the testing, there is a need to change the design, it goes back to the drawing board as design iterations. This ensures a continuous evolution of the service design and secure design epics and features while keeping the service’s core purpose linked to the iterative development and evaluation of the service.
In this way the objective and purpose of the service being developed are nurtured along; prioritising the backlog is easier when the guiding requirements for it have been properly established and are maintained alongside the daily implementation work. Also, by using this model, the concepts delivered using service design and secure design can be re-evaluated at any time. For example, if while doing usability testing, we discover that users’ needs have changed from what the initial envisioning phase suggested, service design will scrutinise and update the core purpose and help steer development into a more user-oriented service experience. Or if some feature or component changes, secure design will scrutinise potential security and privacy impacts and protect accordingly.
Recap: to be truly agile, plan (a bit) first!
Figure 3. Holistic envisioning and development of service design and secure design
At Gofore we encourage our customers to ask for a pre-planning or study/envisioning phase before the actual agile production of the service starts. This delivers preliminary requirements for the service experience, its security and privacy considerations, and guidelines for metrics and evaluation. Envisioning also simplifies the estimation of the scale and scope of the project to be done. With our Envision/Develop process model, we can tackle the service design and secure design requirements while maintaining an agile process wherein the design concept can be iterated at any point during its production.
Service Design Network: What is Service Design?
Design Council UK: The Design Process: What is the Double Diamond? https://www.designcouncil.org.uk/news-opinion/design-process-what-double-diamond
Minna Puisto: People don´t want service design, they want their problems solved!
Craig Bachman: The Agile Experience Strategist
Valerie Carr: LEAN and Service Design | Understanding the differences.
Gofore blog, Niall O’Donoghue: Secure design is a mindset and way of working
Gofore blog, Jyrki Anttila:Hands-onn UX-Design in Lean Projects with Limited Resources
Gofore blog: Combining Service Design and Secure Design in Agile Software Projects: Part,1 the Challenge