DivvyCloud is a Cloud Security Posture Management (CSPM) tool that allows large companies to ensure their cloud environments stay compliant; continuously and automatically. DivvyCloud does this by scanning users' environments in real-time against a set of compliance standards and then taking action if a violation of those standards ever appears.
The Exemptions Feature allows users to exempt areas of their cloud environment from these scans, areas that they don't want to cause a violation finding.
Some cloud resources don't apply to compliance regulations. For example, say DivvyCloud scans a group of cloud resources for any instance of storage accounts that allow access to the world.
Suppose this group of cloud resources includes a storage container hosting images shared on a public website that the user has intentionally made public. In that case, DivvyCloud should not mark this as a violation finding and remediate the issue.
Instead, the user should be able to make an exception for this resource from DivvyCloud's compliance scan, so they can ensure that the images stay public and accessible to the world; this is where the DivvyCloud Exemptions feature comes in.
Since the Exemptions Feature's initial launch, the average size of DivvyCloud customer cloud accounts tripled. As their accounts grew, so did the need to exempt cloud resources from DivvyCloud's scan. Customers went from having as little as 20 exemptions to hundreds and thousands in some cases. They need an easy way to look for specific insights, edit them, delete them, and differentiate them at a big scale. DivvyCloud does not offer these capabilities.
Additionally, the Exemptions experience hadn't been updated using our design system's components and patterns and is inconsistent with other tool areas.
To give the user the ability to manage a large number of exemptions intuitively, I proposed a pattern for bulk actions and updated the Exemptions experience using components and patterns from our design system to make it consistent with the rest of the app.
After shipping out Exemptions to customers for testing, round of feedback, and updating the experience with our design system, Exemptions was ready for release.
Iterating. The next step is to collect more feedback once it's in user's hands. Build, test, iterate, and repeat.