Flow, Nutanix’s information security tool, helps companies protect their sensitive data from threats.

But bigger companies with much more data to secure do not use Flow. It didn’t meet their complex information security needs.

The team was looking to improve the overall user experience of Flow to compete with existing alternatives and target larger enterprises.

I redefined Flow’s security architecture and relevant user flows.

Users now have the flexibility to secure their data however they want, no matter how much data they have.
Users also get visibility into issues that need their attention.

These changes made Flow a viable option for our target customers.

– My design process

I was involved from reviewing prior research all the way to supporting developers until launch

My design process, while not always linear, included these key steps at different stages of this project. More so, I worked on multiple projects overlapping with each other.

01 Review prior user research

I reviewed findings from user conversations led by designers and PMs before I joined

02 Analyze competitors

I analyzed several information security services to evaluate their product offerings

03 Identify opportunity areas

I identified opportunity areas and prioritized them from a design and business standpoint

04 Ideate and iterate

I rapidly prototyped with wireframes, mid-fi screens, and high-fi prototypes to test ideas

05 Review with stakeholders

I led several rounds of reviews with internal stakeholders to evaluate my ideas

06 Handoff to developers

I supported the developers in resolving bugs and reviewing fit & finish before deployment

– Pain points identified

Users struggled with configuring security at scale and lacked visibility into their security status

My design process, while not always linear, included these key steps at different stages of this project. More so, I worked on multiple projects overlapping with each other.


The security configuration experience breaks at scale because it takes too long to setup a policy.


Security configuration is rigid, forcing users to setup their data according to how Flow works.


Flow’s security framework doesn’t allow for multiple entities to be secured in one policy.


Users don’t have a one-glance view of their security posture, making it difficult to troubeshoot.


Policies have poor lifecycle management, leading to redundant policies and poor maintenance.

– A change in strategy

I introduced a use case-centric approach to security and redefined Flow’s underlying security architecture

In an attempt to address these pain points, I had the unique opportunity to redefine what a security policy would look like in attempt to address some of the users’ concerns.

Previously, users could secure only one category of data at once

Different categories of information, from company finances to internal R&D data, had to be secured individually. For bigger companies, this meant securing information for each category separately.

Users can now secure any data in one go, reducing setup time.

This removed restrictions around the kinds of data and how many categories of data that can be secured. Users have the flexibility to setup their security without being limited by Flow.

– Opportunity areas identified

The new security architecture allowed me to redesign Flow’s core user flows to address our users’ pain points

A new security architecture meant that Flow’s primary user flows had to be updated. With their pain points in mind, I framed How Might We questions to begin ideating.

How Might We enable users to secure their all of their data in fewer steps to reduce setup time?

How might we present information security in a consummable manner for users to review, monitor, and address security concerns?

– Iteration and stakeholder review

I led design crits with product managers and developers to review ideas and align the team on Flow’s new direction

These weekly design reviews and crit sessions proved invaluable to make my designs well-rounded from all perspectives (desireability, feasibility, and business viability) while also getting a go-ahead from everyone in the team.

Feedback for my designs: how users secure data

This is a very early stage wireframe for how users can secure data. Some of the feedback from the team:

1. There can be better use of space on the screen. The left column is going unused.

2. Showing both inbound and outbound in the same screen will take too much time to populate.

3. The table will not scale easily when multiple rows are added.

This screen continued to evolve over the next few months.

– Final design output

Flow 2.0, a ground-up overhaul of the product, has designs I took ownership of from start to finish

I oversaw the design and development of the new security framework and policy configuration workflows, and an all-new security posture visualization. I also designed features introducing policy lifecycle management.

In-line security setup

The new experience brings a certain level of familiarity to IT admins who are traditionally accustomed to Excel spreadsheets.

Powerful inline bulk actions and one-click creation reduce the time to add rules.

Troubleshoot easily

This all-new experience brings together data access traffic across all policies and shows a one-stop map of all the user’s configuration, allowing users to monitor their security settings and spot alerts quickly.

Manage policies better

Better version control for policies gives users the flexibility to monitor and update changes over time.

Users can also roll policies back to earlier versions in an unlikely event of a policy breaking the system.

– Developer handoff and support

I worked with the developers to address feasibility issues and edge cases I missed during the iterative phase

While everyone signed off on the high-fi mocks for the designs, there were feasibility issues and edge cases that came up once the developers began to build them. Along with addressing these, I also answered questions and talked through my designs regularly.

One instance: adhering to the component library

Although an earlier version of the table had column-to-column dropdown menus, the design had to be changed since the React component library did not have such a component for tables.

– Next steps

The team was gearing up to launch the new experience of Flow, even as I began work on the next set of improvements

At any time, I was working on multiple projects at various stages of completion simultaneously. Even as the development and QA team was busy testing the updates to Flow, I began work on the next phase of experience enhancements.

Closing thoughts

From coordinating with multiple stakeholders to defending my designs and taking accountability for my mistakes, my first stint as a user experience designer taught me many critical skills required to excel in the industry as a designer.

I had the unique opportunity to work on the redesign of a product from scratch. I had the chance to see how products are built from the ground up, the constraints I have to work with, and how I can positively influence change.

These are anonymized peer reviews I received one year into the job:

“Sree Mahit is an exceptionally talented designer at Designer-2 level who is thorough with his design process and delivers quality work on core products like Flow Microsegmentation..."

“Sree Mahit is autonomous in his work as he learns from others very quickly and takes complete ownership of the work..."

"...He has also showcased ability to dive deep in on some complex Flow projects like Policy 2.0 independently...”