January 30, 2024
The Role of Developer Experience in Data Privacy
Learn how we’re improving the experience of using Skyflow Studio and how a great developer experience enhances data privacy.
Design decisions to optimize User Experience (UX) often focus on consumer products, but at Skyflow we’ve always seen providing a great Developer Experience (DX) as essential to our mission: to help companies isolate, protect, and govern sensitive data so that every app, system, and workflow can provide best-of-breed data privacy. We’ve put a lot of thought into how we approach continuously improving our developer experience, which led to the recent release of a new and improved Skyflow Studio UI.
In this post, we’ll discuss the critical role that Skyflow Studio plays in supporting developers at companies that use Skyflow Data Privacy Vault to protect sensitive data, including their customer PII. We’ll also share how we think about developer product UX as distinct from consumer product UX, the pain points we addressed with our refresh of Skyflow Studio, and why effective data privacy requires a great developer experience.
About Skyflow Data Privacy Vault and Skyflow Studio
Before we dive into the role that a great Skyflow Studio DX plays in protecting the privacy of sensitive data, we should quickly recap what a data privacy vault is, and how it’s used.
A data privacy vault isolates, protects, and governs access to sensitive personal data so that employees and workflows get access to only the data that they need, and nothing more, which is why an article published by IEEE calls the data privacy vault architectural pattern the “future architecture of privacy engineering.” With a data privacy vault, you can turn your data governance guidelines into effective, maintainable access control policies. Each system that previously contained plaintext personal data instead contains non-exploitable tokens that point to records in the vault.
With Skyflow Data Privacy Vault, you avoid the problem of data sprawl, which makes protecting sensitive data and managing compliance difficult and error-prone. Instead of the “sprawl” that occurs when sensitive information is endlessly replicated across your systems and services, Skyflow gives you an architecture like the one shown below, making it easy to isolate, protect, and govern sensitive data:
Of course, a vault for sensitive data needs to integrate with your other systems to provide value. That’s where Skyflow Studio and Skyflow’s APIs come in.
With Skyflow Studio, you can establish new data governance policies, implement fine-grained access controls, and assign roles and attributes for each resource without developing any custom software. Skyflow Studio provides a rich GUI that compliments the capabilities offered in Skyflow APIs and SDKs.
To help developers preserve data privacy and ease compliance with regulations like PCI DSS, the EU’s GDPR, and HIPAA, we’ve made the developer experience across our APIs, SDKs, and the Skyflow Studio GUI as intuitive and cohesive as possible.
What Makes a Great Developer Experience?
Creating a great developer experience is distinct from creating great consumer product experiences, but they have a few things in common.
Like a great consumer experience, a great developer experience should be intuitive and consistent. And like consumers, developers benefit from contextual reminders to prevent avoidable confusion.
On the other hand, a great developer experience is unlike consumer product experiences in several ways. That’s because software development has several characteristics that distinguish it from consumer product experiences:
- Complexity and Cognitive Load: Developing software is innately complex, creating a cognitive load for users that is unlike anything required when using consumer products.
- More Feedback, Please!: Because of the cognitive load that developers experience, they benefit even more than other users from rapid “feedback loops”, as noted by researchers from Microsoft and elsewhere in DevEx: What Actually Drives Productivity.
Our experience working on developer products led us to define a set of developer experience principles that guide how we approach optimizing Skyflow Studio developer workflows.
Skyflow’s Developer Experience Design Principles
Here are the five principles that guided our work on improving the Skyflow Studio developer experience:
Intuitive: As Simple As Possible
To reduce the cognitive load of using Skyflow Studio, we’ve worked hard to make it intuitive. For us, this means establishing a clear system of information hierarchy, as well as a visual hierarchy that improves the discovery and comprehension of the Studio UI. A clear information hierarchy means that UI elements like navigation, page layouts, and workflows are well-structured. On the other hand, a clear visual hierarchy makes use of characteristics like color and size to emphasize, de-emphasize, and draw relationships between UI elements.
Being intuitive means thinking critically about what information we need to expose to developers while providing a clear path for users to discover more information. One of our biggest accomplishments was the rollout of a simple linear navigation model that organized content by resource level, to help developers avoid getting lost while using the Studio UI. This significantly improved discoverability and reduced context switching by placing actions (like modifying access controls) directly at the level of the resources (such as specific vaults) that are being impacted.
You can see an example of how we reorganized the resources exposed in Skyflow Studio to be more intuitive below:
To avoid decision overload, we identified opportunities to guide developers through core workflows in manageable increments. For example, one workflow optimization in the latest version of Skyflow Studio is that we break up pages that require many inputs into multiple steps, with inputs logically grouped within each step. This approach improves the developer experience because when there are dependencies between certain inputs, we arrange those dependencies to be exposed intuitively in the workflow, and only when they make sense.
Inclusive: Increase Access
Inclusive design benefits everyone. To build a great developer experience we prioritize accessibility from the very beginning. As we define personas, we keep in mind that our users come from different backgrounds and may have different abilities or limitations.
This practice doesn’t only guide our information architecture and user interface, it also guides our use of language in the Skyflow Studio UI. Technical audiences aren’t all familiar with the same concepts and terminology. This is why we choose the most familiar and direct words whenever possible and avoid colloquial language in the Skyflow Studio UI.
For example, when redesigning our tokenization settings UI, we replaced a flat, terminology-heavy UI with a cleaner hierarchy that uses more inclusive language.
Consistent: Set Expectations, then Meet Them
The best designs are consistent, which is why we updated Studio to make styles and patterns as consistent as possible across the product. We make a point of using patterns and interactions that are likely to be familiar to our customers. This approach significantly increases the efficiency of our design sprints by eliminating lengthy churn cycles. Components are designed to be consistent, repeatable, responsive, and scalable.
Ethical: Do What’s Right
Skyflow is a data privacy company, so we have a core commitment to privacy and security within our products and seek to emphasize that commitment in our designs. This means being transparent with our users and setting clear expectations. This design principle is why Skyflow Studio always defaults to the safest and most secure option, while still giving users the flexibility to customize settings to meet their needs.
Being transparent means providing full explanations, rather than the terse explanations that sometimes plague developer UIs. And, it also means making sure developers understand the overall context. Developers’ need for context is one reason that we avoid hiding actions that are unavailable in our UI for certain users and contexts. Hiding these actions would miss an opportunity to help developers discover Skyflow capabilities that will help them to protect users’ sensitive data.
So, instead of hiding unavailable actions, we keep them visible but grayed out. We also provide contextual help, alerts, and hover tooltips to explain why certain actions are currently unavailable.
Iterative: Avoid Sweeping Changes
When redesigning a developer product like Skyflow Studio, it’s essential to have an idea of what the future state of the product will be, and it’s just as important to have a strategic plan for how you get there that honors user needs. Early on, we created a blueprint of the ideal Studio architecture, and we also created a phased rollout plan to guide the incremental transition of each section of the product experience into its envisioned form.
When redesigning Skyflow Studio, we had the goal of creating space to scale our feature offerings so that we could narrow the inevitable gap between the capabilities offered in our API and our Skyflow Studio UI. Taking an iterative approach also means being careful about how updates to the Skyflow Studio UI impact our existing users.
This can be a balancing act when working on developer products, because while each piece of added functionality empowers users, adding too much functionality all at once can confuse them and create unnecessary complexity. On the other hand, adding new features to the UI iteratively allows us to increase productivity without increasing the learning curve.
Which Pain Points Did We Address?
Of course, while design principles are important, improving any design requires research and analytics to identify customer pain points. Here’s a list of the pain points that we observed in earlier versions of Skyflow Studio that we addressed with our latest update
- Errors Caused by Lack of Context: For example, we noticed some cases where developers created a service account for the wrong vault because they lacked contextual clues, and addressed these cases in the new UI.
- Challenges When Creating Columns: We noticed that our developer customers sometimes struggled with column creation, so we introduced a new, focused workflow to support the creation of new columns within Skyflow’s relational tables.
- Boosting Discoverability for Key Features: We noticed that sometimes developers struggled to find critical actions like configuring their tokenization settings, so we made these harder to miss.
- UI and API Parity: We looked at which workflows developers performed most frequently using our APIs that weren’t exposed in Skyflow Studio, and prioritized exposing these workflows in the Skyflow Studio UI.
- Need for More UI Text and Context Preservation: In cases where UI text was lacking, we improved or added it. And, in cases where crucial context was missing, we updated our UI to preserve that context.
Why Developer Experience is Key to Data Privacy
Developer experience isn’t a luxury, especially when the task at hand is protecting sensitive customer data or overhauling how you use that data. This is because the stakes when managing sensitive data are unusually high. If sensitive data is compromised, no technical fix will recover the loss of that data to unauthorized parties.
Beyond your concern for your customers, there are also a variety of risks to your business, because mishandling sensitive data can damage your reputation, impact your compliance certifications, and result in hefty fines. A developer experience that lets any developer, including those who lack deep expertise in data privacy, automatically apply best practices while engineering sensitive data flows can help your business avoid these undesirable outcomes.
A data privacy vault with a great developer experience also helps you to more rapidly access new markets. With Skyflow Studio, you can rapidly accommodate compliance requirements, such as the EU’s GDPR or any other local data protection law. Skyflow Studio also lets you rapidly solve other business problems, like the need to orchestrate, optimize, and scale up how you handle payments – or preserve data privacy in LLMs.
Finally, a great developer experience accelerates any required maintenance or updates. Skyflow Studio is especially useful in these situations because speed is of critical importance when enhancing and maintaining mission-critical systems that are actively being used in production.
The redesign of Skyflow Studio is an ongoing journey, and each step brings us closer to our destination. Looking back at where we started, we’re so proud of what we have accomplished as a team, and we’re very excited to keep the momentum going.