Are Personas Obsolete in the App or Web world?

As people learn advanced product management, they try to solve more complex product problems. Now a common problem that is cropping up in the SaaS or app world is the identification or creation of personas. But given the massive amount of usage data, and the quality of real time analytics and artificial intelligence today, are they really necessary?


Personas are a commonly used tool by product managers and product designers, to denote a fictional user of a software or a set of features. Rather than making assumptions about feature usage, you identify a set of users with similar needs, who will use the software in a particular way. Based on this set, you create a fictional persona, which is then used to validate any new feature idea.
If you attend any product presentation or work with UX designers they will identify personas for their work.

There are many videos on YouTube, such as this one, that also talk about personas, how to create them, the value they add and so on.

Personas: Good or Bad

So there are both sides to the story.
On one hand, there is a detailed blog post on the Adobe blog. It talks about how they use personas for design and why they are important. Given the prominence of Adobe in the design world, this is a strong perspective.
On the other hand, this post on UX Collective, talks in detail about why personas have limitations, and where they stop adding value (Why is the 'college' of a persona important? What happens to users who attended thousands of other colleges?).
And the Neilsen Norman group (world famous in UX domain) also has an article titled "Why Personas Fail" that talks about the challenges in using personas. As you gain more experience in using personas, you will definitely encounter such challenges.

The Bottom Line

There are both pros and cons to using personas. However, the tools to track usage and user engagement have improved to such an extent, that you can see in real time what an actual human using is doing, filtering out data about bots and other automated tools. This is particularly true for B2C tools for apps and websites. And if you have the resources, you can invest in an analytics team that can offer detailed insights into every significant interaction or engagement of any user. In fact, for a product manager, I would recommend that they get certified on Google Analytics, rather than on any UX tool used to create personas.
As a product manager, you can still use personas to suggest new features and engagement (use cases), however the validation of features already released is better understood by using data and tools, rather than referring back to the standard personas.

SaaS API Security and Management – Impact of Cloud Access Security Brokers (CASB)

[This is a mildly technical post, intended for product audiences]

So your firm launched an app for tracking stock market data in different countries, and it has received a lot of traction (downloads, usage and other metrics). After a while, the app has done really well, and now your business is expanding to cover more and more use cases. This is also important for monetizing your app.

However, a key use case identified by the Product Manager (PM) is of transferring data to and from business partners using SaaS APIs. It could be for sharing reports, financial information, security information or other data. And it so happens that the partner's data center resides in the cloud in another country, geography or region, with it's own rules for data access.

Well, the personas, features and access rules you created for your own tightly controlled app may no longer be enough. You will need to understand the rules of access, and the scope of data sharing that is possible and permitted. Based on that, several addition features may be required to manage data access of your partner.

Let's continue with the example of the stock market app. Here are 3 use cases:
1. Your partner collects user information to share specific data of based on list of that users tracked stocks
2. Your employees needs to access the user's bank balance details to share top recommendations for investment
3. Your partner needs to aggregate your user data with similar apps users to improve its own performance
And in many such cases, the role of CASB (Cloud Access Security Brokers) is gaining prominence.
One key function they perform is to manage secure access to such data, based on policies, roles, rules and other heuristics.

Now even if a PM is a functional or domain expert, she still needs to understand privacy, security and access management to define the best use cases within his app. Otherwise, such use cases will be termed as "technical" and the architect will define these. [I do not recommend this approach, as the PM should be the best judge of use case quality, usability and app metrics.] In large firms you will have PMs looking at security and privacy, however they have their own priorities in the organization.

Here are some guidelines for data transfer across domains, clouds, companies or countries:
  1. Read what the CASB's are writing about their products. Netskope has it's website and so does Oracle. This gives insights into what is possible in terms of new features.
  2. Have a Data Processor Agreement in place with all partners. Either the legal or the business development team should take point for this, however empowered PMs or Directors can also lead this effort.
  3. Talk to your platform teams, including PMs and architects to understand what is currently possible and what new features are on their roadmap.
  4. Create partner personas, cloud personas and other relevant user types (including employees and admins). When adding features that use SaaS APIs, it gives a lot of information to the testing team to ensure compliance with business laws and requirements.
Enterprises never develop apps in a vacuum, there is always an existing IT infrastructure and applications (which may be in public, private or hybrid clouds). By understanding SaaS data transfer and CASBs, you can improve your apps, whilst making them more secure and usable.

[Reach out to me on LinkedIn if you would like to discuss more]