Overview
Enhancing Collaboration: Improved Transparency and Accountability for third-party vendors
Throughout 2020, Wipro has been working on improving transparency and accountability in our internal file-sharing application - OneWip, which is shared with associated third-party vendors. This initiative involved transitioning from a system with limited access controls to one that allows for introducing new requirements for specific audiences. As a continuation of these efforts, we're adding new controls for sharing within OneWip.
Product Designer and Service Designer
Role
2020
Timeline
-
Generative Research, Data Synthesis
-
Ideation & Brainstorming
-
Concept evaluation, Wireframing
-
UI Design, User Testing
Methodologies
Infosec
Team
***To respect NDA, contents of the case study are changed/blurred to obscure detail, but can be spoken to.
What was happening?
A Lack of Control and Security
OneWip, initially intended for secure collaboration with vendors, suffered from significant security vulnerabilities. Anyone with access to a vendor's distribution list could access the application, creating an open door for unauthorized users. Furthermore, everyone within Wipro and the vendor teams had full read and edit access, regardless of their role or project needs. This excessive permission structure, coupled with OneWip becoming a catch-all for internal documents which included sensitive information. Finding relevant project files became difficult amidst the clutter of irrelevant information.
OneWip
Vendors
Wiproites
Uncontrolled access
OneWip
Vendors
Wiproites
Data overload
Vendor documents
Internal documents
Potential risks
A Lack of Control and Security
-
Data Breaches: Sensitive information is easily exposed to unauthorized individuals.
-
Version Control Issues: Multiple users with edit access could overwrite or create confusion regarding the latest version of a document.
-
Collaboration Bottlenecks: The sheer volume of irrelevant files could hinder finding critical project documents.
What's changing?
Enhanced Security and Targeted Access
-
OneWip Retirement: The current application will be decommissioned due to its inherent security vulnerabilities and the presence of internal documents.
-
Targeted Access: A new application is built specifically for collaborating with vendors on client projects having different folders and access. Access will be limited to designated personnel like leads, Delivery Managers (DMs), and Project Managers (PMs).
-
Automated Sanity Checks: Regular automated checks will be implemented to identify any newly uploaded documents and categorize them, ensuring only relevant files remain accessible to vendors.
-
Two-Factor Authentication (2FA): Both initiating and receiving file sharing requests will require two-factor authentication for added security.
How this will enhance the system?
Enhanced Security and Targeted Access
-
Enhanced Security: Restricted access and 2FA will minimize the risk of unauthorized access to sensitive information.
-
Improved Collaboration: Vendors will have access only to the files they need for their projects, leading to a more streamlined workflow.
-
Clearer Data Organization: Automated checks and file categorization will keep the dedicated vendor collaboration space organized and efficient.
The most rewarding aspect of this project was fostering strong collaboration by working with other teams tackling similar challenges. By combining our expertise and perspectives, we were able to develop a more comprehensive solution that addressed not just the immediate problem with OneWip, but also potential security vulnerabilities across our file-sharing systems. This collaborative approach not only improved the outcome but also highlighted the importance of cross-functional teamwork.
3. What I enjoyed the most 🎉
This project has helped broaden my system-level product thinking. Instead of focusing solely on the features of OneWip, I learned to consider the entire ecosystem of users, access controls, and data flow. This holistic approach allowed me to understand how seemingly small changes, like access restrictions, can have a significant impact on security and collaboration.
Reflection
1. Something new I learned 📚
My biggest challenge was balancing the needs of different stakeholders. While vendors needed access to relevant project files, ensuring data security was paramount. Finding a solution that satisfied both parties involved understanding their specific needs and working collaboratively with the security team to implement access controls that achieved both objectives.
pen_spark
2. My biggest challenge 🚀
You've reached the end of my case study, but don't hesitate to reach out if you'd like to know more about the project or my experience. I'm more than happy to engage in a conversation with you!
Other Projects
It's not an end but an and...!
End-to-end research, design, testing, and presenting the futuristic prediction and analysis journey.
Wipro Technologies
Using AI and therapeutic intervention to assist students in tackling burnout.
Tackling burnout at the university level