Unified Key Orchestrator within IBM Cloud Hyper Protect Crypto Services wins Red Dot Award

Two years ago, my team, the Hyper Protect Services design team, set out to tackle the challenge of merging two established products in the complex space of crypto key management. We not only cared for an excellent interface design, but through our workshop facilitation and collaborative problem solving, we led the product team to a future-proof concept and unified mental model.

As proof of our impact, I am proud to announce that we won a Red Dot Award: Brands & Communication Design 2023 for the interface design of Unified Key Orchestrator (UKO). With this achievement we join the ranks of our other, recent design award recipients in IBM Z Design.

Red Dot Award: Brands & Communication Design 2023 for the interface design of the Unified Key Orchestrator within IBM Cloud Hyper Protect Crypto Services

Key management is moving into the cloud

Data security has always been the primary focus in regulated industries. As organizations move sensitive data and business-critical workloads from on-premise solutions to the cloud, it has become even more imperative that their data is safely and reliably encrypted.

Those organizations often follow multi-cloud strategies to match their workload needs best and to prevent vendor lock-in. However, this adds significant operational complexity around data encryption and encryption keys.

Manage crypto keys across multiple clouds from one point of control

Each cloud environment and provider has their own mental model, including different key lifecycles. So far, there was no way to manage all keys across all clouds in a unified way and from one pane of glass, which made key management particularly difficult for less experienced users.

“It would be very complex to use Azure in AWS because Azure is so highly integrated.”
— Respondent

Simplifying and streamlining multi-cloud key management

Since its release in 2022, the Unified Key Orchestrator within IBM Cloud Hyper Protect Crypto Services provides a seamless, truly unified experience, abstracting the complexities and different mental models of key management across clouds to allow IT Security Architects to securely distribute and manage keys not only in IBM Cloud, but also in other clouds like Azure, AWS, and Google.

UKO’s mental model: A master key, protecting several vaults. The vaults contain managed keys that get distributed to connected keystores.

From pixel pushers to problem solvers — prioritizing design first in UKO

Incorporating design into traditional product development is a common struggle for many design teams. Merging two established products on top of that only adds to the challenge of integrating teams and technologies.

However, we were able to guide our product team through this complexity and to successfully release a user-centric roadmap, becoming an essential stakeholder for the product team. We were able to improve collaboration and communication across two teams, set aligned goals for two products, made tough product decisions, and kept everyone aligned on every step of the way.

Obligatory pictures of people and stickies ;-)

We led two custom-made, several days long, in-person workshops, including playbacks, mutual product reviews, need statements, scenario maps, and mental models, to tackle tough conceptual questions together with our product managers and developers.

What followed was a many months long, consistent and thorough design process, leading from mid- to high-fidelity designs, with countless design critiques and playbacks every two weeks.

“They fearlessly re-designed everything!”
— Workshop participant, I guess with mixed feelings of hope and fear ;-)

A first success story with a German State Bank

This bank was utilizing Microsoft Office 365 on Azure Cloud, and they required a secure key management solution for all Office 365 users that complied with their security policy, so it needed to be external to Azure.

With the Unified Key Orchestrator, the customer lowered their total cost of ownership, meets regulatory requirements, and effectively distributes crypto keys, generated in a high-end cloud-based Hardware Security Module (HSM).

“Unified Key Orchestrator is the sexiest solution on the market.”
— Security Architect from a German State Bank

Contributing designers and researchers

Eleonora Massarelli (User Experience Design)
Jamie Lai (User Experience Design)
Jan Christensen (Visual Design)
Katarzyna Chmielewska (User Experience Design)
Ken Werner (User Experience Analytics)
Maryann Slama (User Experience Research)
Mayra Bautista-Schillinger (Design Manager)
Mona Konietzny (User Experience Research)
Volker Bönisch (User Experience Design)
Weronika Ciesielska (User Experience Design)
Tim Reiser (Design Lead)

But, of course, there are excellent people in adjacent disciplines who have contributed their hearts and brains:

Amit Gupta (Project Management)
Artur Pałka (Backend Development)
Błażej Pawlak (Development Manager)
Chris Smith (Product Management)
Di Xu (Content Design)
Eric Brown (Front-end Development)
Isabel Arnold (Technical Advisor)
Jakub Jelonek (Architect)
Louisa Muschal (Product Management)
Marco Pavone (Architect)
Peter Šándor (Front-end Development)
Søren Møller-Larsen (Project Management)
Tiffany Li (Content Design)
Wojciech Henszke (Backend Development)
Zaza Tsitsishvili (Front-end Development)
…

This is one more proof point that product design and development is a team sport. THANK YOU ALL!

Tim Reiser is a Senior Design Lead and Manager at IBM, based in the IBM Studios Boeblingen, Germany. The above article is personal and does not necessarily represent IBM’s positions, strategies or opinions.