Redesigning Castle’s Policy Management Experience: Case Study

Let me take you through my process of designing and developing Senderplate, a customizable email templating solution designed for apps and developers.

Jin Su Park
7 min read · Apr 3, 2024

Introduction

My background

Hey there, I am an open-source-loving, multi-disciplinary Product Designer based in Brooklyn, New York. I’ve devoted my professional career to unraveling complex design challenges with meticulous and integrated strategies, ensuring each solution is both beautifully polished and imbued with purpose.

The intention behind this case study is to document and showcase my design journey and thought process for potential clients who may be interested in using Castle or working with me.

About Castle

Castle is an API-based account security and fraud analytics tool that provides app developers with user behavior insight and device intelligence. Our customers use Castle to identify bad actors, investigate fraudulent behaviors, and implement user-focused security flows to tackle account abuse and account takeover challenges.

For more information on how we can protect your end users, please visit castle.io.

Project Background

About Policies

At Castle, policies are crucial for security, guiding actions based on risk assessments from event data and device fingerprints. My role involved redesigning the policy management experience to enhance its intuitiveness and usability. This redesign was essential for fine-tuning the balance between configurability and uncomplicated user experience. Through this overhaul, we aimed to empower customers with greater control and flexibility in handling complex security scenarios.

Understanding the problem

The current policies require careful configuration of many different aspects of Castle, such as signals, filters, lists, metrics, and webhooks. This makes understanding and setting up policies complex and intimidating for the average developer who signs up at Castle for the first time. Despite its effectiveness, we faced an opportunity to vastly simplify and improve the overall user experience.

Recognizing these challenges laid the foundation for our redesign project. It became clear that to truly empower our users in their fight against digital threats, we needed to create a policy management system that was not only powerful in its capabilities but also intuitive, scalable, and flexible. This understanding drove us to reimagine the policy management experience from the ground up, focusing on user needs and the dynamic nature of digital security.

Discovery & Research

Pursuing intuitive flexibility

We hypothesized that simplifying and rethinking how the policies feature is designed at its core would not only reduce its perceived complexity but also allow for greater product engagement and feature adoption.

  • Complex Interface: Users were navigating a complex interface that made the process of creating, editing, and managing policies cumbersome. This complexity not only slowed down the response to potential threats but also introduced a higher risk of errors in policy configuration.
  • Limited Scalability: The existing system was not designed with scalability in mind, making it challenging for users to adapt their security strategies to accommodate growing or changing needs. As companies expand and diversify, their security protocols must evolve accordingly, a capability the current system struggled to support.
  • Insufficient Flexibility: Users expressed frustration over the rigidity of the policy management tool. In a landscape where threats can vary significantly in nature and severity, the ability to customize and fine-tune security responses was paramount. The existing system’s one-size-fits-all approach limited users’ ability to respond to specific security challenges effectively.
  • Lack of Clarity and Guidance: Another significant challenge was the lack of clear guidance and support within the tool. Users often found themselves uncertain about how to best utilize the features available to them, resulting in underutilized policy management capabilities and potentially compromised security measures.

Customer-centric approach

Focusing on our larger enterprise customers, we conducted in-depth analyses to understand their unique challenges, ensuring the system’s flexibility and sophistication catered to diverse security scenarios.

This required a deep understanding of their day-to-day security needs and challenges, ensuring our policy management system can offer the flexibility and sophistication required to address their diverse scenarios.

We first mapped out the different workflows to help ourselves better visualize and understand the technical workings of how Castle currently manages policies. By doing so, we gained a deeper understanding of the technical back-end steps involved.

Purging old concepts

As part of this in-depth exercise, we also revisited some of our legacy API concepts to better understand how we previously solved resolution workflows. Revisiting these concepts helped us reacquaint ourselves with the historical journey and evolution of policies as they stand today.

This exercise was particularly helpful because it allowed us to ground ourselves in a more educated position and avoid the pitfalls of previous concepts.

Prototyping & Design

Wireframing groupings and key elements

In the early stages of the design process, we wireframed the layout of the components and defined the key actions to ensure the interface was both usable and clear, even as we scaled. This process served as a foundational exercise to explore various layout options and organizational schemes for core actions, all aimed at optimizing the user experience for both novice and seasoned users alike.

Refining the policy user interface

Once the basic form factor and layout of the policy management view were firmly established, our focus shifted toward refining the policy item component itself. Our objective was to ensure that, at first glance, users could easily comprehend the core aspects of each policy: the action it would return, its trigger conditions, and any associated list actions. This refinement was essential for enhancing user understanding and interaction with the policy management tool.

Simplifying the policy configuration flow

A key insight that emerged during development was the critical importance of maintaining context during user interactions. Given the interconnected nature of policies and the complexity that arises from their interactions, it became clear that enabling users to quickly modify or update policies in real time — without navigating away from their current view — was essential for efficient policy management.

To address the need for in-context modifications, we introduced a slide-in modal as a standard component within our design system. This modal allows for detailed policy configurations to be made directly from the main policy management view.

Additionally, we introduced the capability to open configurations in the Explore view to test their trigger thresholds. This integration provided customers with greater control over their policies and clearer insights into their effectiveness, significantly improving the configuration process’s usability and efficiency.

Testing & Rollout

Ensuring Seamless Adoption and Functionality

With the innovative solutions for Castle’s policy management system in place, our next step was to rigorously test these changes and strategically roll them out to our user base. This phase was critical to ensuring the new features not only met our high standards but also seamlessly integrated into our users’ existing workflows.

  • Iterative Testing with Real Users: We initiated an iterative testing process, inviting a select group of our most engaged users to interact with the new policy management features in a controlled environment. This allowed us to gather real-time feedback on the usability, functionality, and overall impact of the changes.
  • Educational Workshops and Demos: Parallel to the testing phase, we conducted a series of workshops and demos for our top customers. These sessions served not only to educate users about the new features but also to gather insights on any additional adjustments needed to ensure the tools met their specific needs.
  • Ongoing Support and Feedback Loop: Throughout the roll-out process, we maintained open channels of communication with our users, providing them with the support needed to navigate the new system and collecting ongoing feedback to continuously refine the feature.

Final Result

Conclusion

The redesign and enhancement of Castle’s policy management system have marked a significant milestone in our mission to provide intuitive, powerful security tools.

  • Increased Adoption and Engagement: The simplification and added functionalities have encouraged greater engagement with the policy management feature. Users are now more inclined to explore and utilize the full range of capabilities offered by Castle, leading to better-configured security protocols and enhanced protection.
  • Positive Feedback from the Community: The feedback from our user community has been overwhelmingly positive, with many highlighting the improvements in usability and the effectiveness of the new features in streamlining their security management tasks.
  • Foundation for Future Innovation: Beyond the immediate benefits, the redesigned policy management system has laid a foundation for future innovations within Castle. The flexibility and scalability of the new system ensure that we can continue to adapt and evolve our offerings to meet the changing needs of our users and the dynamic landscape of digital security.

In conclusion, the transformation of the policy management feature stands as a testament to Castle’s dedication to user-centric design and innovation. By listening to our users and embracing a collaborative approach to development, we have not only enhanced a key aspect of our platform but also reinforced our commitment to empowering users with the tools they need to secure their digital environments more effectively.
