ReShield
ReShield (Acquired by Rubrik)
ReShield is the AI Native Identity and Access Control SaaS Platform, Which helps tech companies automate and secure all human and non-human identities.
My Role
I've been with this project since day one as the only designer on the team. I handled everything from product design to building the website in Framer, plus all the visual design work for marketing assets and pitch decks.
The Problem
As organizations grow and move to the cloud, their data becomes fragmented spread across databases, applications, and countless SaaS tools. This data is accessed by a complex web of both human identities (employees, contractors, partners) and non-human identities (service accounts, API keys, automated systems).
Managing access across this landscape is chaotic. Approvals are manual and slow, frustrating users and delaying work. Both people and machines often hold excessive permissions because there's no easy way to apply precise controls. And perhaps most critically, teams lack visibility into who and what has access to their systems, making it nearly impossible to spot over-provisioned credentials or potential security threats before they become real problems.
Need for AI native Identity and Access Control Platform
Legacy identity tools can't keep up with modern complexity. They struggle to track both human users and non-human identities like service accounts and API keys across clouds, databases, and hundreds of apps. Manual processes create bottlenecks, visibility gaps lead to over-provisioned access, and security risks hide in plain sight. Organizations need something smarter.
ReShield delivers complete visibility and control. We unify every identity across your entire stack, apply granular permissions down to specific data levels, and use AI to detect risks in real-time. Automated workflows handle access requests and compliance reporting, while seamless integrations fit into your existing environment. The result? Instant answers to "who has access to what?"—with the precision and speed modern security demands.
Understanding the Users
We've talked to all our user personas and how they operate in their org. Based on the customer interviews, research, and competitor analysis, I've created a mind map for each user persona to keep myself in the users' shoes.
Information Architecture
I spent time defining our IA in the early days. Rather than focusing only on what we were building then, I included our vision and roadmap in the structure. This approach ensures we can scale smoothly and maintain an intuitive experience as we grow.
Insights
The homepage is our most-viewed page, where users monitor all risks and identities. I designed it to be clean and minimal while clearly surfacing urgency and priority—ensuring users can quickly identify what matters without feeling overwhelmed. This approach has resonated well with our customers.
Integration
Integration is core to our product's value. I designed a straightforward system where users can add and monitor their resources with ease. We organized integrations into clear categories cloud, databases, Kubernetes, IDPs, and applications making discovery and management intuitive. Since each resource type follows a unique setup flow, I ensured our documentation is accessible throughout the process, providing contextual guidance exactly when users need it.
Access Graph
Our AI-powered query interface lets users explore their entire security landscape through natural language. I designed a structured view that connects users, groups, roles, and resources in a clear hierarchy—making complex access relationships immediately scannable. Risk indicators like 'Overprivileged' are surfaced inline, and action options appear contextually, allowing users to move from discovery to remediation without friction.
App Directory & Requests
The app directory gives users a complete view of available resources, with frequently requested ones surfaced for quick access. I designed the request flow to be frictionless—users select their application and resource, specify duration and permissions, and provide context for approval, all in a few clicks. This streamlined approach removes barriers while maintaining necessary governance.
Request Approval
Resource owners can review and approve team requests in a dedicated view. In My Access, users see their active permissions, retrieve one-time credentials, and track pending requests so they can follow up as needed.
Access Policy
Every connected resource requires an access policy. I designed this to let users define who can request access, what permissions they can request, and who approves those requests. There's also an auto-approval option for low-risk scenarios.
Access Reviews
Access Reviews uses AI to help users stay ahead of risks and automate what's typically a manual process. I designed intuitive flows for two key roles: campaign owners who set up reviews, and reviewers who evaluate access. This structured approach also creates an audit trail that compliance managers need for governance.
Results and Impact
ReShield was adopted by customers including WebEngage, Sanas, and KFintech during beta phase and got acquired by Rubrik in 2025!