Feedback

At a high level, a few principles / ideas:

  1. Delta view “was → is” will be huge, and while we don’t have the data to populate yet, it’s worth thinking in these terms.
  2. Main page must be a 5-second scannable rule - what are my top 10 to action PLUS a one-slide narrative demonstrating how we are reducing risk over time.
  3. We need to surface remediation advice on the top and add an inactive “create a ticket” button - we will wire it in the future. Things like ownership assignment / attestation could be pushed to other tools in the future (e.g. Teams).
  4. RG-scores need a tooltip or a callout showing how they’re calculated.
  5. Need to think what the graph will look like as complexity grows - it must be readable.
  6. In findings, sensitivity of data is key - so we need to show it on the graph and in findings - effectively, it’s “we have an automation → it touches sensitive data + scope drifted + no owner + LLM endpoint = you have a problem”

Homepage

Shift from an inventory summary to top risks by blast radius, and include a one-slide narrative for the CISO demonstrating at a high level risk reduction over time: “orphaned wfs or AI-connected risk trending downward”. Think of it as

  • what’s most dangerous now
  • is it getting better or worse
  • am I reducing systemic exposure?

The homepage should include:

  1. Top risk combinations (named), e.g. a tile “3 Automations: Sensitive Data → External Egress → Orphaned Owner → Active Execution”
  2. Risk velocity: the before vs after. A table (chart?) showing each category changing (<< this is huge because this is what opens up budget with “personal gain”)
    1. AI Egress Control: Reduced unvetted AI-connected automations from X to Y
    2. Ownership Integrity: Decreased "Functionally Orphaned" workflows by Z% through automated ServiceNow remediation
    3. Privilege Right-Sizing: Reduced over-privileged Entra service principals by N%.
    4. Drift Containment: Total "Scope Drift" events detected and remediated within 24 hours
  3. Risk Class Reduction (Monthly Trend)
     Risk Category              90 days ago   30 days ago   Current Status   Delta
     High-Risk AI Egress        xx            42            5                -88%
     Orphaned Ownership         xx            115           12               -90%
     Over-Privileged Identity   xx            88            34               -61%
     Sensitive Data Exposure    xx            19            2                -89%

Automations

“Origin” → change to “data domain” and include the different domains (we already collect several today).

Finding

Within a finding, add a "Create Remediation Ticket" button that's inactive (it'll be phase 3, but it works well in the demo since it shows the direction we're taking). Move the "remediation" section to the top.

Graph

Graph - need to double-check that the data is correct. For example, in this one:


  1. “Auto-route identity tickets” is a business rule, but here it’s “identity”
  2. It needs to include which data domains are touched

I’m also on the fence about simplifying it to “automation → auth (e.g. SP) → destination → data domain”. Need to run it by a CISO and get feedback, and also see what it will look like when multiple automations overlap.

Timeline - must include a visual “was → is” showing the diff: “yesterday this automation had 3 permissions, today it has 10; yesterday it touched HR data, today it added Customer”.
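Principle 6’s combination rule, the named homepage tiles and the timeline’s “was → is” diff, worked as an added Python sketch (not code from this feedback doc or the product; the Snapshot fields, the sensitive-domain list and the two sample automations are assumed/constructed):

```python
from collections import Counter
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Snapshot:  # one point-in-time view of an automation; field names are assumed
    permissions: FrozenSet[str]
    data_domains: FrozenSet[str]
    owner: Optional[str]
    llm_endpoint: bool
    external_egress: bool
    active: bool
SENSITIVE_DOMAINS = {"HR", "Customer", "Finance"}  # assumed classification

def scope_drift(was: Snapshot, now: Snapshot) -> dict:
    """Timeline 'was -> is' diff: before/after counts plus exactly what was added."""
    return {
        "permissions": (len(was.permissions), len(now.permissions),
                        sorted(now.permissions - was.permissions)),
        "data_domains": (sorted(was.data_domains), sorted(now.data_domains),
                         sorted(now.data_domains - was.data_domains)),
    }

def risk_factors(was: Snapshot, now: Snapshot) -> tuple:
    """Named factors in the order the tile text chains them."""
    drift = scope_drift(was, now)
    checks = [
        ("Sensitive Data", bool(now.data_domains & SENSITIVE_DOMAINS)),
        ("External Egress", now.external_egress),
        ("Scope Drift", bool(drift["permissions"][2] or drift["data_domains"][2])),
        ("Orphaned Owner", not now.owner),
        ("LLM Endpoint", now.llm_endpoint),
        ("Active Execution", now.active),
    ]
    return tuple(name for name, hit in checks if hit)
# Principle 6: sensitive data + drift + no owner + LLM endpoint = you have a problem
PROBLEM = {"Sensitive Data", "Scope Drift", "Orphaned Owner", "LLM Endpoint"}
def top_risk_tiles(history: dict, n: int = 10) -> list:
    """Group automations by identical factor chain; longest chain (widest blast radius) first."""
    counts = Counter(risk_factors(was, now) for was, now in history.values())
    ranked = sorted(counts.items(), key=lambda kv: (-len(kv[0]), -kv[1]))
    return [f"{c} Automations: {' → '.join(f)}" for f, c in ranked[:n] if f]
# Constructed sample: payroll sync drifted into Customer data, lost its owner, gained an LLM call
_ticket = Snapshot(frozenset({"read:tickets"}), frozenset({"IT"}), "bob", False, False, True)
HISTORY = {
    "wf-payroll-sync": (
        Snapshot(frozenset({"read:hr"}), frozenset({"HR"}), "alice", False, True, True),
        Snapshot(frozenset({"read:hr", "write:crm"}), frozenset({"HR", "Customer"}), None, True, True, True),
    ),
    "wf-ticket-route": (_ticket, _ticket),  # unchanged since last snapshot: no drift
}
```

`top_risk_tiles(HISTORY)[0]` is the text a homepage tile would carry, and `scope_drift(*HISTORY["wf-payroll-sync"])` is the “was → is” payload for the timeline.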