Background

The Elastio Platform is a SaaS-based ransomware recovery assurance solution designed to help security and IT teams confidently detect threats and recover clean data,  a critical capability when every second counts during a ransomware crisis. In this project, I led the UX research design for Elastio’s core workflows, transforming complex backup infrastructure and recovery workflows into intuitive, high-impact experiences that empower users to work deliberately, even in high-pressure incident scenarios.

Problem

Ransomware incidents are chaotic: backups can be silently corrupted, traditional tools often fail to detect hidden threats, and teams are forced to guess which recovery point is safe, costing hours or days of downtime. Security teams need clarity, confidence, and speed.  Existing interfaces in the market have data-model centric IA,  tab-heavy navitgation and technical jargon that hinders fast decision-making. My goal was to design an experience that reduces cognitive load, aligns with real security workflows, and accelerates recovery without sacrificing depth of control.

Solution

Design Principles

  • Clarity under pressure: Eliminate unnecessary complexity so users can make fast, confident decisions.

  • Data-centric visibility: Surface the most relevant security and recovery insights at a glance.

  • Action simplicity: Distill complex workflows (e.g., finding recovery points) into a few decisive, intuitive steps.

Three-Click Recovery Workflow

Drawing inspiration from user research and observed SOC workflows, we developed the signature Three-Click Ransomware Recovery experience:

 1 – Centralized Dashboard

The dashboard serves as mission control, aggregating real-time ransomware posture metrics, critical alerts, and reserve health summaries. At a glance, users can understand the state of their environment without digging through logs.

  • Designed the layout and visual hierarchy to foreground risk indicators, recent scans, and health summaries.

  • Created interaction patterns that support quick scanning and decision-making under pressure.

2 – Data-Rich Asset Tables

Once an incident is acknowledged, users dive into a responsive, filterable asset table that intelligently surfaces threats, clean snapshots, and recovery metadata.

  • Built interaction models for search, sorting, filtering, and contextual actions within data tables.

  • Collaborated with engineering to ensure performance and accessibility across large datasets.

3 – Recovery & Validation

After pinpointing the last known clean recovery point, users land on a focused recovery canvas that guides them through confirmation, forensic extraction, and rapid restore actions.

  • Designed component interactions that balance safety (confirmations, context cues) with urgency (one-click restore).

  • Integrated necessary supporting flows like drill-downs into file-level detail and forensic snapshots.

Screenshot 2025-12-25 at 4.04.30 PM
Screenshot 2025-12-25 at 4.06.40 PM
Screenshot 2025-12-25 at 4.05.28 PM

Additional features that compliment the core resilience workflow

Incident Tracking Kanban

A visual history of an incident’s lifecycle, letting teams monitor ongoing remediation and coordinate across roles.

Context-Aware Alerts

Configurable alerts that prioritize actionable information so users and stakeholders receive the right updates at the right time.

Compliance Dashboard

A key oganisational requirement is the ability to demonstrate compliance.  The dashboard provides an overview of compliance metrics as well as an ability to export for auditing.

JTBD based AI Assistant

A persistent AI chat window that presents actions based on the alerting engine and guides the user through to issue resolution, including workflows on the cloud provider

Screenshot 2025-12-26 at 7.54.51 AM
Screenshot 2025-12-26 at 7.57.42 AM
Screenshot 2025-12-26 at 7.56.50 AM
Screenshot-2026-01-09-at-1.47.23-PM.webp

Design System & Tools

I established foundational components and layout patterns that ensure consistency across the platform:

  • Scable chart and table patterns

  • Responsive layout frameworks supporting cross-screen contexts

  • Figma libraries shared with engineering via MCP server

Screenshot 2025-12-26 at 8.02.39 AM
Screenshot 2025-12-26 at 8.03.11 AM
Screenshot 2025-12-26 at 8.30.03 AM
Screenshot 2025-12-26 at 8.30.42 AM

Impact & Insights

  • Reduced cognitive load: All users reported that they could assess ransomware posture and start recovery within moments of login. Compared to competitive products, key users stated Elastio’s design is “best in class” in terms of incident resolution times.

  • Simplified decision paths: The three-click workflow maps to real user needs, aligning design with top-level goals.

  • Operational confidence: By transforming complex incidents workflows into digestible, actionable UI states, we improved team responsiveness during high-stakes events.

This work reflects a design philosophy that prioritizes clarity, actionability, and resilience, based on user research and testing. Thus empowering teams to recover fast without unnecessary friction.