User Experience Research Report:
Comparative Analysis
Prepared for: Tom Haynes [email protected]
Written by: Apoorva Bansal, Shruti Shetty, Saaket Unadkat, Krishna Vadrevu
Main Contact: Krishna Vadrevu [email protected]
Word count: 3284
Table of Contents
Executive Summary
Introduction
Methods
Findings, Evidence, & Recommendations
Discussion
Conclusion
References
Appendices
Executive Summary
In order to identify the key and common components of a two-factor authentication solution, we conducted a comparative analysis between Duo Security and 8 competing products: SecureAuth, Entrust, Phone Factor, Authentify, Symantec, Google dual-authentication, RSA, and CloudSeal. We identified these competing products in two ways: through a question in a previous survey of current Duo Security administrators asking which products they had used in the past, and through market research to help identify other leading two-factor authentication companies. Product features from these competing products were analyzed and profiles of each company were created. We then analyzed these profiles to identify strengths in Duo Security’s current offering as well as features offered by these other products that Duo Security should explore to add value to their solution. Our key findings, listed below, are derived from these observations:
1. Case studies of enterprises using the solution are emphasized by several of the competitors. Duo Security can expand on their version of case studies, “success stories”, to include examples of enterprises using Duo Security in order to attract enterprise-level customers.
2. Workflow provisioning to allow for added control over who is enrolling into the system would be a significant addition to the administrative tools provided.
3. Video guides in addition to written documentation would be a valuable addition for those that prefer a different mode of learning.
4. In addition to the free trial currently offered, an interactive demo would help quickly highlight Duo Security’s benefits and provide another channel of engagement.
5. Duo Security should explore introducing a tablet application, as other products have already done.
6. Duo Security’s website aesthetics, in subjective comparison with competitors, is a clear
Introduction
Duo Security is an information security start-up that primarily focuses on providing two-factor authentication services to individuals and businesses. The service is aimed at simplifying the use of two-factor authentication for administrators by reducing the complex nature of setup and for users by providing them the ability to use their smart phone for authentication. Administrators are provided with an easy and direct way to sign up for a free 30-day trial to test the product; this process is critical to getting future customers to buy in to a longer-term contract.
After signing up for a 30-day trial, administrators must create a new integration to specify details for the two-factor authentication to work. This process can be tedious and confusing, and it is usually a major pain point for administrators. Making setup as easy as possible for administrators is a primary selling point for the available service; this makes it imperative for Duo Security to provide an easy and flawless process for administrators to complete.
As part of our investigation, we identified competitors that offered similar services to Duo Security. Part of our reasoning for doing a comparative analysis was to identify what attracted customers to alternatives to Duo Security and what these competitors’ services provided that could be of use for Duo Security to implement in their own solution. Additionally, we found it important to contrast the effectiveness of each service that competitors offered through online reviews or any documentation provided.
The following services were evaluated and are explained in the methods section: Phone Factor, Authentify, SecureAuth, Entrust, Symantec, CloudSeal, RSA, and Google - all of these services except Google, a partial competitor, were identified as direct competitors. These competitors were evaluated based on metrics that were identified as pertinent for an information technology security service. Based on feedback from user interviews and surveys, the following metrics were deemed the most important and thus used to evaluate each competitor using a competitor feature matrix: Methods of Two-Factor Authentication, Usage, Cost, Supported Platforms, Administrative Features, Documentation Provided, Intended Users, Visual Aesthetics, and Support Services.
Methods
In order to understand the expectations of the user and to see where Duo stands in the market in comparison with other competitors, we performed a comparative analysis with eight other products that we thought could be competitors of Duo.
There were three factors that we took into consideration while selecting the competitors:
1. Newman’s taxonomy of the various types of competitors
2. Feedback from users who participated in our survey
3. Important aspects of Duo based on our research
Previously, we categorized the competitors into three categories: Direct, Indirect and Partial, but after much deliberation decided to keep them divided as direct and partial only. We used Newman’s taxonomy of the different types of comparisons to segregate the various products into these categories.
Direct competitors: Products that offer the same functions in the same way. From the way we look at it, these are products that offer all of the functionalities that Duo has to offer in addition to certain other services. We narrowed down seven other products in the market that may come close to being direct competitors of Duo Security:
● Phone Factor: It is a mobile-based service, similar to Duo Security, that supports everything from VPNs to cloud services. It is free for up to 25 users and allows up to 500 authentications a month.
● Authentify: While Authentify may not cover as many functionalities as Duo does, it offers two-factor authentication in the form of a phone call.
● SecureAuth: Two-factor authentication is one of the many functionalities provided by this product. As opposed to Duo, the authentication methodology works within the system instead of being installed as a plugin to a system.
● Entrust: Unlike Duo, this product offers users many more functionalities in addition to two-factor authentication, which they offer in the form of hardware tokens, smart cards, mobile software tokens and USB tokens.
● Symantec: Symantec offers a cloud-based two-factor authentication service and is used for most online transactions.
● Cloudseal: Cloudseal offers multi-factor authentication in the form of hardware tokens, Google Authenticator and cloud pass, a Java-powered application.
● RSA: Like Duo, they too provide two-factor authentication using software and hardware tokens.
Partial competitors: These are competitors that offer only some of the functionalities that Duo offers. That would mean security systems that don’t focus on dual-authentication, or only provide it for certain systems.
● Google two step authentication: While this product offers two-factor authentication, it is constrained to only Google accounts.
The methodology that we followed helped us analyze Duo Security and make a note of their shortcomings and benefits. A comparative analysis is performed to understand the positioning of a product with respect to other such products that are available in the market. Having performed the analysis, we were able to derive some key findings that highlight which features of Duo work in their favour as well as which other features should be included to improve the quality of the product and to generate better user feedback. During our survey, when asked what made them switch to Duo from other products, most users stated the ease of setting up Duo on their respective systems and the cost as major factors. We did notice that these factors did indeed make Duo stand out as a better option for two-factor authentication, since most competitors either charged a hefty price for the service or followed very complex procedures of setup.
Our appendix provides an exhaustive list of the features of these competitors in terms of the methods of two factor authentication, usage, cost, platforms that they support, administrative features, documentation provided, intended users, visual aesthetics, support services and any additional feature that they may provide.
Findings and Recommendations
Finding #1
Competitors prominently emphasize the use of their products at the enterprise level, while Duo Security’s presentation appeals to a wider population. This is both a positive and also a place for growth.
Evidence & Recommendation:
The majority of the competitors we analyzed clearly delineate their target market sectors, with the most common being: healthcare, banking & finance, and enterprise. Duo Security is no different, and adds ‘public sector’ to their list of industries supported by their solution. However, one of the added benefits of Duo Security’s site is that they intend to make their solution inviting to even small businesses and one-man operations, and not just the primary market sectors, an emphasis that we feel is a clear positive of Duo Security. This emphasis does not appear with any of the other competitors. In particular, SecureAuth, RSA, and Symantec have a decidedly enterprise-centric presentation.
Nevertheless, Duo Security offers one of the strongest two-factor authentication systems on the market, which is something that would clearly be highly desirable to enterprises. This is evidenced by Duo Security’s client list, which includes large corporations such as Bechtel. So, while we feel that it is important for Duo Security to maintain its approachable appeal and presentation, we also recommend that additional information be presented that is targeted towards attracting enterprises, which also represent a more significant source of revenue.
One possible method of doing this is to expand on the existing “success stories” that Duo lists under their solutions tab. The current success stories highlight the UofM Departmental Computing Organization (public sector), corporate security (enterprise), and the Royal Victorian Eye & Ear Hospital (healthcare). Adding more enterprise case studies (as well as some banking & finance examples to match with the current industries they’ve identified as important) could help provide more documentation for someone that is exploring and curious to see if Duo Security would fit well for their enterprise. This addition would not detract from the general approachability of Duo Security, and can help bring in additional clients.
Finding #2
We found that some of the competitors (RSA, SecureAuth) gave the system administrators additional control over how they manage their users and groups. This was implemented through workflow provisioning profiles that allowed the admin/admins to assign user groups to different admins, based on select criteria. This adds convenience for the system admins to distribute the load of managing the users amongst themselves.
Evidence & Recommendation:
Duo Security already has the feature of organizing users into groups. This is a very nifty and useful administrative feature if used correctly. But a nice addition to it would be this sort of workflow provisioning, because currently, it doesn't appear that there is any way to manage the type/level of user who is enrolling into the system.
Workflow provisioning helps tackle this problem in the following way: the admin can set rules so that if someone is registering from a particular profile, domain or IP pool, they are directed for approval to a specific admin who has more direct knowledge of these people and would be able to make a more informed call about whether they should be accepted and whether their information is correct.
Thus, by adding this type of feature, Duo Security’s administrative solution will be more robust and will also allow admins fine-grained control over their integration.
Finding #3
We found that some of the competitors offered videos and forums to walk users through the process of setting up the service on their respective systems. While products such as SecureAuth and Authentify provide video guidelines along with screenshots to help users, Cloudseal maintains an online forum where users’ doubts may be addressed by experts in the field. Duo, on the other hand, lacks any guidance in terms of a video tutorial or forum. While the documentation provided by Duo Security is pretty detailed and exhaustive, it would help to offer more guidance.
Evidence & Recommendation:
Our comparative analysis of Duo with the eight competitors stated above clearly shows that Duo Security lacks video tutorials. This, supplemented with feedback from users who participated in the survey as well as our own experience in setting up the various products on our computers, leads us to believe that including videos and online forums would definitely be very helpful.
While Duo has some nicely documented guides that pretty much focus on all aspects of the product, we must take into account that not all users are very technically advanced. Video tutorials are an excellent way of providing guidance to such users. Having analyzed other products like SecureAuth, which does a great job at providing this form of guidance, we believe that Duo Security can better enhance the administrator’s experience if this feature is added.
Members of a population vary in how they like to process information and learn new methods. Providing another channel for learning the features of the product and how to use it can help make Duo Security accessible and approachable to even more people.
Finding #4
Multiple competitors provided individual demos for each of their products in addition to free trials.
Evidence & Recommendation:
A demo differs from a free trial as it provides an existing structure for the user to test a particular aspect of the product; for example, Authentify provides users with a preset fictional corporation’s online web portal which allows users to test the mobile application. RSA & PhoneFactor also provide demos that help users visualize how the product works without having to go through a registration process.
Duo Security’s easily accessible free trial, which can sometimes be set up and ready to test in as little as half an hour, already sets it apart from the majority of its competitors, most of whom require an interested user to first provide details and then wait for contact from a company representative to continue with the evaluation process. In addition to the free trial, Duo Security should look into providing demos that allow users to quickly experience Duo’s solution.
More specifically, the benefit of providing these demos would be to allow administrators to eschew the overhead of getting the service set up in the first place. While going through registration and integration into the system can take 30 minutes or longer, a demo allows the user to ‘try’ the product in 5 minutes. Duo Security’s current user experience is top-notch with fantastic aesthetics - we believe that providing a demo would be a great way to allow a potential user to appreciate and understand this quickly, thus increasing the likelihood that they go through and try the more detailed trial.
Finding #5
Several competitors offer iPad and tablet apps for authentication; Duo Security does not.
Evidence & Recommendation:
In the survey that we conducted prior to this analysis, we asked users for suggestions on how to improve the product, and several mentioned that Duo Security should explore a tablet application in addition to the mobile applications currently provided. In doing our comparative analysis, we noticed that several of Duo’s competitors, specifically PhoneFactor (extended edition), Authentify, Symantec, Entrust, Google, and RSA, all have tablet support. Increasingly, tablets are becoming on par with smart phones in terms of being trusted devices for users, and so introducing a tablet application for both iPad and Android would be a value addition to Duo Security’s mobile offerings. From Duo Security’s website and documentation, it appears that there is no tablet application offering, or if there is, this is not mentioned anywhere:
Figure 1. Duo Mobile's documentation reveals no tablet applications
So, based on our survey results and our comparative analysis, we recommend Duo Security develops a tablet application through which users can utilize the ‘Duo Push’ functionality. While a tablet application would not be able to provide SMS and voice-calling alternatives, users that want to use a tablet would be aware of this limitation but may prefer using a tablet regardless.
Finding #6
Duo Security’s website was better organized with a comparatively better set of visual aesthetics than all other services encountered.
Evidence & Recommendation:
While the measure of aesthetics is completely subjective, feedback from our survey convinced us to include aesthetics as a measure with which to compare these different products. Several survey respondents, when asked why they switched to Duo Security, took the time to mention in the ‘other’ option that they found Duo Security’s “cool factor” appealing. Our analysis corroborates these sentiments. The amount of time it took to understand and navigate Duo’s website was much shorter than for all of the identified competitors. Additionally, important information was organized in an easy-to-find and accessible way. This was not the case on most other competitors’ sites, where a significant amount of effort and searching was required to develop a basic profile of what was being offered. We believe that this gives Duo an added advantage over these other competitors, and we found it important to emphasize this positive. We believe that the addition of some of the prior recommendations, such as video tutorials and demos, can only help enhance this strength and make the site even more appealing and inviting.
Discussion
One of the main things we noticed when we were researching possible competitors was that only two of them had the same service profile. The others provided two-factor authentication as a secondary service to add on to their existing security mechanism or as one of their authentication methods amongst many others. While these products still remain direct competitors to Duo Security (since they provide strong two-factor authentication), it is important to note that they also offer other features.
In our study, we suggested recommendations to Duo Security based on features that two or more other competitors have which could potentially benefit Duo. However, considering the nature of their business, it was not possible to obtain free trials for some of the competitors in time to evaluate them effectively. Therefore, we may have missed out on some other possible avenues of comparison. Duo does an excellent job at eliminating that step and allowing users to try things out themselves before/instead of involving them in a phone or email discussion to explore possible options for them.
Another thing we noticed was that most competitors targeted enterprise setups as their target audience. While Duo does support those setups, they have tried to widen their user base by giving equal priority/visibility to simpler systems and integrations. We sought to incorporate this vision into our recommendations.
Lastly, we discussed considering the method of integration of the selected products into the system as one factor of comparison. However, given the trouble we had in securing functioning trials of products with which we could test integration, we determined not to go with this. Further, different systems will have different technical requirements for integration and different security measures required. While this was not within the expertise of our team to analyze, the integration into popular systems may be a next step that Duo Security might want to investigate in comparison with other products, to see if integration can be made easier and more streamlined.
Conclusion
An effective comparative analysis helps identify possible business competition and understand better where the client stands amongst other similar companies. Duo Security does a very good job with the signup process, initial setup and visual aesthetics. However, when compared to their competitors, we did find a few areas where their service could be improved upon. Our recommendations were to explore the possibility of a tablet-based app, supplement the guides with video tutorials, provide better workflow provisioning, and offer the ability to test integration demos before signing up for the trial account. Duo does a good job at highlighting the features that distinguish them from their competitors, but could do a better job at making the common features more conspicuous. These recommendations can thus be adapted to Duo Security's existing model or act as avenues of focus for further improvements/research. Implementing these recommendations can help make the already excellent product that Duo Security offers even better.
References
SecureAuth - http://www.secureauth.com/identity-governance/two-factor-authentication/
Entrust - http://www.entrust.com/
PhoneFactor - https://www.phonefactor.com/
Authentify - http://www.authentify.com/
Symantec - http://www.symantec.com/user-authentication
Google dual-authentication - http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744
RSA - http://www.emc.com/security/rsa-securid.htm
Cloudseal - http://www.cloudseal.com/
Appendix
The following spreadsheets show the profiles that we generated for each competitor based on our selected criteria of analysis. The first spreadsheet (2 pages) consists of profiles, the second spreadsheet (1 page) shows which competitors have tablet applications, and the last (1 page) shows if they have a demo.