Threat Stack

Due to the rapid adoption of containers in the area of software development, Threat Stack was receiving a massive amount of requests for increased support of containers and container orchestration platforms. As the sole UX researcher, I set out to discover the wants and needs of people in the world known as, Infrastructure in Transition.

Designing a survey about containers is about as complex as it gets, requiring an advanced technical acumen. My background in IT served me well in this instance. I began by reading a voluminous amount of information on containers. Once I felt comfortable, I gathered our internal SMEs to go for a deeper technical dive. The result was carefully crafted survey, created in Survey Monkey.

In order to distribute the survey to our users, I created a Pendo guide, which is an in-app pop-up, that intercepts users. The Pendo guide asked them if they would participate in the survey, complete with a CTA button to launch it. Utilizing Pendo ensured that the participants would be actual users of the software, unlike our email distribution list, which included many non-user, business contacts in customer organizations.

With the container survey completed by our users, I provided an analysis of the results and distributed it to the organization.

After learning from our quantitative study, I set out to gain qualitative insights by conducting user interviews. Eight participants were interviewed, with four being Threat Stack customers and four being non-customers, representing the market. Non-customers were recruited and interviewed via the Validately user research platform.

"More container support from Threat Stack would make my life much easier"

"It's a little clunky today - we don't have a good solution for scanning our containers for vulns"

Key Findings

• The pervasiveness of Docker and Kubernetes in the market makes them a clear choice for executing a containerization strategy
• For those that employ orchestration, all were using or moving to Kubernetes
• For those that employ orchestration, all believed that monitoring orchestration-level data is important
• Most participants believe that installing an agent in a side car is an appropriate strategy
• Customers felt that the current event information provided by Threat Stack provides them with a solid foundation to inform them about container events
• A consistent theme was the desire to monitor CPU usage, network activity and memory usage
• Participants expressed a desire to see event patterns, in order to obtain additional context
• Most participants believed that understanding the RBAC scheme of the container is important
• Most participants are monitoring containers for vulnerabilities in some way, often with piecemeal solutions
• The adoption of containers has eased concerns related to incident response, due to speed and ease of data restoration
• All participants use or are moving to a continuous integration platform, with Jenkins and Gitlab being the most popular
• Participants expressed interest in being provided with a baseline, in order to focus on anomalies

The container research study was an intellectually stimulating experience and by far the most technically complex research I've ever conducted. With the results of this research in hand, I was able to huddle with the Product Manager and craft a vision for enhanced container support. The Agent team then embarked on writing a new agent in Go lang, with would be faster, leaner, and provide robust support for Docker and Kubernetes.