Delivering Faster Setup and Stronger Protection with Oracle Cloud Infrastructure's Web Application Firewall Redesign

Project Summary
I led the redesign of Oracle Cloud Infrastructure's Web Application Firewall product to better secure load balancers and get users up and running quickly with protection against malicious attacks.
I designed clear, simplified policy-creation onboarding workflows, enabled seamless access to set up policies across services and streamlined the edit workflow.
Results
Policy setup time dropped, onboarding friction for new users decreased and error rates in policy configurations went down. The redesign boosted user confidence, improved usability and helped security teams deploy WAF protections more quickly and accurately across applications and load balancers.
Skills:
Product Design, Design System Component and Pattern Implementation
Role:
Lead UX Designer
Team:
Product Managers on WAF and cross service teams, API Developers, UI Developers, Technical Content Writer
User Problem
Security architects and administrators needed to quickly secure applications and load balancers against malicious traffic. The existing WAF made this difficult: policies were hard to access, slow to configure, and inconsistent across OCI services. These challenges left systems vulnerable and delayed organizations’ ability to respond to threats.
Usability Issues
Complex workflows: Users encountered complicated processes that delayed the deployment of security measures, leaving systems exposed.
Difficult access to secure policies: Policies couldn’t be easily shared or reused across services, forcing users to recreate work and introducing opportunities for error.
Inefficiencies in policy management: Requiring users to publish each change separately caused delays and reduced confidence in quickly achieving secure setups.
Impact
These challenges increased security risk, created unnecessary delays in defending against attacks and eroded trust in the platform’s ability to provide fast, reliable protection.
The Process
- Requirements gathering
- Project kickoff discovery with key stakeholders
- Competitive analysis
- User flows
- Low fidelity user flows
- High fidelity prototyping
- Development handoff
- Product launch
- Feedback and iteration
Phase One
Identify Users
Security architects, security administrators, legacy WAF users, first time OCI users.
Identify Constraints
- Because of our tight deadline, some features needed to be scaled down.
- With the design system completely overhauled, the new WAF required a full redesign.
Competitive Analysis
To understand WAF in different contexts, I analyzed other cloud services such as Microsoft Azure, Cloudflare, Fastly and Amazon Web Services.
SME Interviews
Discussed the existing solution and customer experience with subject matter experts and engineers.
Pain Points Discovered
- OCI could not secure Load Balancers or other enforcement points; its web application firewall could secure only domains.
- The previous WAF service made it difficult for users to quickly implement a secure policy, often taking hours or even days to get up and running.
- Users couldn’t access a security policy from other OCI services.
- A "publish changes" feature resulted in unnecessary delays when adding or modifying security policies.
User Journey Flows
To determine how this new service would interact with other OCI services and how users would access it, I mapped out the complete user journey through all OCI services this product could touch.

Phase Two
Low fidelity user flows
Low-fidelity user flows helped us identify the UI elements required at each step, enabling us to:
- Determine the easiest way to get users up and running.
- Eliminate unnecessary steps.
- Assess how to apply the new design system effectively or whether we needed to add new UI features to the design system.

High fidelity prototyping, iterations and validating
Developed click-through prototypes to showcase the key objectives to SMEs and stakeholders.
Phase Three
Final design, development handoff and product launch
The final implementation transformed WAF setup from a confusing, error-prone process into a guided experience.
Users could now create a policy in minutes, confidently attach it to the right service and adjust security settings without second-guessing.
By removing unnecessary steps and adding clear prompts, the redesign eliminated common errors, reduced reliance on customer support and shortened the time it took to stop vulnerabilities.





Implemented security policy configuration in other OCI services, such as Load Balancer, to swiftly protect against attacks.

Alerted security admins so they can act fast against threats through metrics, logging and notifications.

Eliminated the cumbersome task of publishing each change and simplified the API, so changes can be made via a management form instead and policies are applied faster.


Results and Impact
Reduced time to secure applications by removing the redundant “publish changes” workflow from product list and detail pages, enabling faster policy application.
Improved first-time setup success with a guided multistep workflow and onboarding prompts, allowing both new and experienced users to configure WAF without errors or reliance on customer support.
Accelerated vulnerability mitigation by adding a step to directly attach newly created policies to services and integrating WAF into other OCI services, streamlining protection across environments.
• 40% drop in configuration errors in first 90 days
• WAF adoption tripled year-over-year across key customers
• 50–70% faster deployment of protection policies
• Customers could now act on threats in real-time with confidence
"Oracle Web Application Security is definitely one of the higher-performing solutions in this space. We're really happy with the capabilities, the output, and the integration."
- Security architect and manager at Covanta
