Maximizing Value from Self-Service Support Tools

May 8, 2017 Kass Singh

Find out the two elements to a successful self-service support tool implementation

Implementing a self-service support tool doesn’t guarantee that your user community will utilize it. The most successful self-service support tool implementations have two elements in common: they make it easier and they eliminate vs. automate where possible. Here’s how to do both to ensure your implementation is a successful one.

Make it Easier

The best measure when it comes to determining ‘easy’ is comparing it to the alternative support options, like phone support. The better your IT phone support response and resolution times, the simpler and easier your self-service tool needs to be in comparison if your goal is to shift the workload. 

To minimize the risk of enabling self-service support, we often see that the process applied to the tool is more complex than the process used by the phone support staff. This results in the user choosing the easier option.

One of the most common service desk self-help tools are password resets. We see adoption levels ranging from less than 10 percent to more than 90 percent with these tools. The most common deterrents to adoption are the time and effort to register and the proof of identity verification process.

  • Registration – Where it’s possible, negate the need for users to register for the self-service tool or simplify registration as much as possible and make it mandatory.
    • Explore options to auto-populate information about the user from your corporate systems to auto register their POI (proof of identity) questions and answers (e.g. employee number, mother’s maiden name, etc.). Give users the option to select other questions and answers, but on default, use the information you already have about them. Another option is to allow users to enter their old password as a way of verifying their identity.
    • Where you can, consider using other forms of POI, such as biometrics or alternate emails/phone numbers to issue one-time access codes.
  • POI Verification Process – It’s true that the more creative your POI questions are, the harder they’ll be to guess. But more creative POI questions also make it much more likely that the users’ answers will be harder to remember. Easier, fewer, and more memorable POI questions help user adoption.

Eliminate vs. Automate

Reviewing your business policy could increase the user adoption of self-service support tools and/or reduce or completely eliminate the need to request the service altogether. 

  • Reducing Need to Request Service - When we look at user behavior trends for self-help password reset tools, the most common patterns are users forgetting their new password shortly after they change it or following a holiday. We’ve been able to significantly reduce the need to reset passwords by reviewing the password change frequency (e.g. changing from 30 days to 90 days by increasing the password complexity to offset risk) and increasing attempts before lockout. To ensure you do not increase your risk posture, you can send a notification to the user’s phone and/or email address to ensure it was them that had the failed login attempt.
  • Eliminating the Need to Approve and/or Request Services - Explore options to eliminate the need to approve the requests and/or negate the need to request the service in the first place. For example, if your license model for a specific application relies on concurrency, do you really need the user to fill in a form and/or require an approval step for a user to install it? Can you apply role- or group-based access profiles to negate the need for your users to request access to folders or applications?

When approaching automation, reviewing your business processes and applying ‘just enough’ risk control measures are key to success. Consider shifting your approach from a 'grant by exception' to a 'trust but verify' model.

Users can get very creative to work around policy restrictions applied to their IT devices. The tighter the controls, the more creative people get. When you shift the focus to informing users so that they understand the consequence of their actions and give them a choice to proceed, most people will choose to do the right thing. 

Invest in advanced monitoring tools including the use of advanced analytics to protect your environment and create a better balance of empowering your user and restricting access. There is no silver bullet here. It requires regular review of the IT policies and restrictions you have in place and tweaking the balance on a regular basis as part of your Continual Service Improvement (CSI) program.


Kass Singh

Kass is based in London and is the Chief Technology Officer for Leidos UK/Europe. She has more than 20 years of experience in the IT industry and has held senior management roles in both the private and public sector.

More Content by Kass Singh
Previous Article
Meghan Good wins WIT's 2017 Technical Leadership Award
Meghan Good wins WIT's 2017 Technical Leadership Award

Leidos Cyber Solutions lead Meghan Good recognized for her accomplishments in the technology industry at th...

Next Article
Justin Lachesky has #DefenderDNA
Justin Lachesky has #DefenderDNA

Justin, the lead analyst for security intelligence, shares how tenacity and a thirst for cybersecurity know...