Yes-Security · Shadow IT Governance

Shadow IT Dashboard

When employees use apps their company hasn't approved, sensitive data can slip out unnoticed. I designed the dashboard that helps security teams catch it - and act fast.

Role
Sole UX Designer
Year
2023
Domain
Shadow IT · Data Governance · Enterprise SaaS
Explore final design
Yes-Security dashboard preview
Project Context

What is Yes-Security?

Yes-Security is a Shadow IT monitoring platform. It watches your network and surfaces every unauthorized tool employees are using - whether IT approved it or not. I owned the design of the core dashboard that security teams use daily to monitor data exposure risk and decide what needs immediate action.

1
Primary user - Shadow IT Manager / SOC Analyst
The daily operator. Monitors the tool list in real time, investigates specific findings, and triages what needs attention now vs. later. They use the full dashboard - KPI cards and the tool table.
2
Secondary user - CISO
The executive stakeholder. Looks at the 4 KPI cards for a fast read on overall risk posture - are things getting better or worse? They don't dig into individual rows. The KPI cards are their view.

The dashboard was designed with both users in mind - the KPI cards serve the CISO's executive view, while the tool table serves the analyst's operational workflow. One interface, two levels of depth.

The Problem

Drowning in data, starving for signal

When everything looks equally urgent, nothing gets treated that way. And in a Shadow IT dashboard, that is not just bad design - it means unauthorized tools go uninvestigated, data exposure goes undetected, and a hidden risk quietly becomes a breach.

Research

Building understanding without direct user access

At an early-stage startup, I didn't have access to end users for formal research. Instead I built understanding through two sources: interviews with the founding team and competitive analysis of how leading security platforms handle threat prioritization.

1
Shadow IT analysts scan - they don't read
From interviews with the founding team, I learned that target users glance at dashboards under pressure. Visual hierarchy had to communicate priority before a single word was read.
2
Existing tools created alert fatigue
Competitive research showed that tools like Netskope used structured risk scoring - Critical, High, Medium, Low - because vague severity labels slow analyst response time and increase the window of data exposure.
3
Seeing a problem without a path to action is useless
Prospects told the founding team they were frustrated with tools that surfaced findings but gave no clear next step. Every finding needed a clear, immediate path to action.
Design Approach

One question guided every decision

Can a security analyst answer "is anything on fire right now?" within 5 seconds of opening this dashboard? Every design choice was tested against that.

01
Clarity over completeness
The dashboard should do the cognitive work of prioritization - so the analyst doesn't have to. Show less, surface the right thing.
02
Language is design
"6 Findings" means nothing. "6 Critical Findings on Admin Accounts" tells a story. Every label was chosen to drive action, not just describe data.
03
Always actionable
The gap between seeing a problem and acting on it is where security risks live. Every finding needed a clear, immediate next step.
Design Decisions

Three decisions that defined the product

The dashboard had three core design challenges - each one a direct response to what I learned in research. Here is how I solved them.

1
Defining the severity taxonomy - Critical / High / Medium / Low
Rejected approach
Vague labels like "Important" create hesitation at exactly the wrong moment - when an analyst needs to act fast on a potential data exposure risk.
Chosen approach
Adopted the industry-standard severity taxonomy used across leading security platforms like Netskope and CrowdStrike. Analysts don't need to learn a new system - they already know what Critical means.
2
Inactive tools dimmed to 40% opacity
Rejected approach
Marketo (last seen Nov 2021) sitting in the table with the same visual weight as tools active today - a very different risk profile treated identically.
Chosen approach
Inactive tools remain for completeness but render at 40% opacity. Active risks automatically dominate attention without any sorting required.
3
"Investigate" always visible - not hidden on hover
Rejected approach
In high-stress situations, hidden actions add friction. A security analyst shouldn't have to discover that a row is actionable.
Chosen approach
Action button always visible. Label changes by severity: Critical/High - "Investigate", Low - "View", Inactive - "Review". Language matches urgency.
The Solution

A security dashboard that tells analysts exactly what needs their attention - and gives them a clear path to act on it, without wading through noise.

Final Design

From noise to signal

The final design makes data exposure risks visible, prioritized, and actionable - giving security managers a single view of every unauthorized tool in their environment, sorted by risk, with immediate paths to investigate.

Feature 01

KPI cards - one number, one message

Each card leads with the alert count as the dominant element. A colored top stripe signals severity at a glance. Supporting context sits quietly below the divider - available but not competing.

KPI cards design
Feature 02

Tool table - sorted by risk, always actionable

Every tool is sorted by severity. Inactive tools recede visually. The action button is always visible - label changes to match the urgency of each row. A kebab menu gives quick access to edit or delete.

Tool table design
Feature 03

The employee email form - closing the loop

The dashboard tells the security team what tools are being used. But it can never tell them why. I designed a second touchpoint - a lightweight form sent directly to the employee via email - that captures the context the automated system can't: what are you using this tool for, what data does it touch, who recommended it?

The employee never needs to log into Yes-Security. They get an email, click a link, fill out a simple form. That's it. The response flows back to the security team and gives them what they need to make a decision: approve the tool, investigate further, or revoke access.

Why this matters
Meets the employee where they are - email, not a security tool they've never heard of
Turns an unknown risk into a known and understood one - with zero friction
Reflects a philosophy shift - understand and decide, not block and punish
Creates a paper trail - the employee's response is documented for compliance and audit
Employee email form design
The complete loop
🔍
Detect
Yes-Security finds
Airtable via OAuth
📊
Dashboard
Analyst sees it flagged
triggers outreach
📧
Email form
Employee fills in
why they use it
Decision
Approve, investigate,
or revoke access
Final Words

What I took away

Clarity is a form of speed. Every second of confusion the interface creates is a second an analyst isn't spending on the actual threat.

Without direct user access, stakeholder interviews and competitive analysis become your most powerful research tools. Secondary research isn't a compromise - it's a skill.

Language is a design decision. "Important" vs "Critical" isn't a copy choice - it's a UX choice that affects how fast an analyst responds to a real threat.

If I could continue this project, the next step would be usability testing with real SOC analysts - measuring time-to-prioritization with the dashboard, and validating the severity taxonomy against how analysts actually talk about risk.

A note on the domain: I joined Yes-Security without a cybersecurity background. Within weeks I had immersed myself in Shadow IT governance risks, and how enterprise security teams operate. Sometimes the most valuable thing a designer brings is a beginner's eye - and the willingness to ask "why is this the way it is?" 🔐