Systems Alliance Blog

Opinion, advice and commentary on IT and business issues from SAI
Keyword: it strategy

Imagine you are an end user for a complicated application. You find yourself stuck - unable to finish your work because you’re unfamiliar with the operation you’re trying to perform. What resource would you turn to for help?

For most users today, the next step involves a search bar – whether it’s a purpose-built in-house tool or the ubiquitous Google. They grab only the information they need to complete their work and move on.

Now put yourself on the other side of the table as the vendor. Is the knowledge you just gave the end user a product of just-in-time training or is it application support? If the content and the means of delivery are exactly the same, does it really matter what you call it?

Two Sides of the Same Coin 

The only clear way to draw contrast between these two processes is the delivery timing.

Training is effectively Support that’s being delivered before users know they need it. It is the proactive introduction of information to end users before they understand enough to know what to ask. This needs to be delivered when users are learning for the first time or when there have been substantial changes in the way they utilize your products or services.

Support, delivered well, becomes both problem resolution and just-in-time training that happens to reinforce or refresh the user’s knowledge. It is the reactive delivery of information provided when users request it. With shrinking attention spans, it can often be difficult to recall every component of training after it’s been delivered. Reinforcing previously learned material to apply knowledge, understand a change, or resolve an issue (self-help) would fall under support.

Three Things to Consider

In the emerging world of “Customer Success”, distinctions between training and support are subsumed into the greater objective of satisfying your customer’s requirements at the right time (right now) and making it as easy as possible.

With traditional training and support models being disrupted as they crash into one another, it’s important to start thinking about how your organization delivers content to end users. Here are three things to consider:

1. Do you have the right tools? Let’s jump back to our search-savvy end users. Their expectations are high when it comes to tools. If your tools aren’t as easy to use and as fast as the Google Search bar, they’re going to look elsewhere. If they’re not using your tool, is the information they get going to be accurate? Will that hurt your relationship with the customer?

At the same time, as your customer base grows, scalable and asynchronous delivery is generally cheaper to provide than a one-on-one interaction with the customer success team. This doesn’t mean you can skimp on content or launch a poorly thought-out self-help tool. Substantial investments are still required to plan and execute, or you’ll end up spending on both as users give up on using your self-help tools and call for help.

2. Is your content structured correctly? Boring, lengthy, and dated content that requires a substantial investment of users’ time is out. Short, informative, and search-indexed content that is built for “microlearning” is in. Give your users what they want and nothing more.

3. Does your “training” inform your “support” and vice versa? Your model has to be flexible enough to allow a continuous feedback loop. Input directly from end users as well as reviewing trending data from your ticketing system can drive improvements and help you determine what is the most important content to add, highlight, or refresh over time. Failing to adopt an agile approach will decrease the value of the content over time.

Interested in learning more?

Ready to jump in and figure out how to better serve your end users? Check out our website at SystemsAlliance.com to find more IT Strategy and Operations insights or visit Acadia-Software.com to learn how the Acadia Performance Platform is providing critical content to drive effectiveness at organizations like Mohawk Industries and Anheuser Busch InBev.

 

The New York Times reported yesterday that the FBI is actively investigating the front office of the St. Louis Cardinals for illegally accessing a rival team’s computer system. While this must be the strangest sports scandal since Deflategate, it is also the most high-profile case of “high tech” corporate espionage that doesn’t involve a nation-state actor.

Per the NYT, “the intrusion did not appear to be sophisticated” according to law enforcement officials.  The Astros executive whose credentials were compromised previously worked for the Cardinals. Cardinals staff allegedly used his old password to get into a new system that he built in Houston.  

This incident provides a number of lessons learned, the most obvious being to never commit a federal crime from your home computer unless you are interested in taking an all-inclusive vacation at the nearest federal detention center. Here are 3 more you should think about:

1.  NEVER REUSE A PASSWORD

If you use the same password more than once and it gets compromised, the damage can be substantially worse.  Let’s imagine a scenario where a hacker gets access to one of your accounts.  That’s bad but at least it is contained to that website or application.  

Now let’s say that your password is the same on every other system you use.  Exploiting passwords stolen from one site against others is a very common practice amongst cyber criminals. Now your bank, online brokerage, social media accounts, luggage, etc. are compromised too.

Now let’s imagine a worse scenario.  One of your employees just had their accounts broken into and they are now busy picking up the pieces. According to a 2014 study, “one in five Americans reuses the same username and password across their personal and business accounts”.  That same study revealed that “73% of US Full-time workers admit to reusing the same batch of passwords online”. You probably are not feeling lucky right now.

2.  ALWAYS CHANGE THE DEFAULT CREDENTIALS

According to media accounts, the database built for the Astros was designed by the same executive and was substantially similar to that of the Cardinals.  While the credentials used to exploit this system were the executive’s old passwords, since they were known outside of the organization, this is analogous to leaving the vendor’s default password configured.

What’s the last piece of equipment you bought for your IT department? A quick Google search will reveal the vendor’s username and password to anyone with an internet connection.  If you put it online and never changed that password, you are taking an enormous risk.  According to a 2013 Verizon study “about 90 percent of successful breaches analyzed by Verizon started with a weak or default password, or a stolen and reused credential”.  Changing those defaults is common sense.

The same goes for those logon passwords the IT department gives you.  Do you really think that they haven’t used the same “P@ssw0rd2015” for the last 20 people who asked for a reset?
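An added example, not part of the original post: a credential-store audit that flags accounts whose stored hash still verifies against a vendor default or a recycled helpdesk reset password. The record layout, the PBKDF2 parameters, the account names and the `admin` default are assumptions made for the sketch; the reset value is the one quoted above.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

# Passwords that are known to more people than the account owner. The reset
# value is the one quoted in the post; "admin" stands in for a vendor default.
KNOWN_PASSWORDS = {
    "vendor default": "admin",
    "helpdesk reset": "P@ssw0rd2015",
}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(user: str, password: str) -> dict:
    """Build a constructed credential-store row with a per-user random salt."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def audit(records: list, known: dict = KNOWN_PASSWORDS) -> dict:
    """Map each flagged user to the label of the known password that verifies."""
    findings = {}
    for rec in records:
        for label, candidate in known.items():
            attempt = hash_password(candidate, rec["salt"])
            if hmac.compare_digest(attempt, rec["hash"]):
                findings[rec["user"]] = label  # report the label, never the password
                break
    return findings


def shared_by_label(findings: dict) -> dict:
    """Group flagged users by label; several users under one label share a secret."""
    groups = {}
    for user, label in findings.items():
        groups.setdefault(label, []).append(user)
    return {label: sorted(users) for label, users in groups.items()}


# Constructed sample store: four accounts, three still on a known password.
SAMPLE = [
    make_record("core-switch", "admin"),
    make_record("jsmith", "P@ssw0rd2015"),
    make_record("mlee", "P@ssw0rd2015"),
    make_record("akhan", "correct horse battery staple 9!"),
]

if __name__ == "__main__":
    print(shared_by_label(audit(SAMPLE)))
```

Because each row has its own salt, two accounts with the same password have different hashes, so the audit has to verify each known password per account rather than look for duplicate hash values.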

3.  BE AWARE OF INSIDER THREATS

While many data breaches come from outside, insiders can be just as dangerous.  People who know you and your systems probably understand their weaknesses.  In the baseball hacking scandal, it was allegedly paranoid and vengeful ex-colleagues who broke the system.  In a more famous case, it was an employee motivated by political views who leaked sensitive data.

Insider threats also include outside parties that steal credentials held by privileged individuals like your IT administrators and executives.  Making sure that they are aware of how to protect their credentials is critical.  The days of CEOs having passwords written on post-it notes must stop. Ensuring compliance with your IT policies and procedures is arguably more important for privileged users than it is for rank and file employees because their access to sensitive data is often greater.

The best defenses against insider threats are common sense best practices.  That includes a logical separation of duties and insisting that network activity is logged and audited.  Fewer than 60% of organizations are doing this today but it has been identified as a key behavior in quickly identifying malicious activity.


They Are Called “Best Practices” For a Reason

Jumping back to the baseball hacking scandal, the Houston Astros appear to be the second dumbest team in baseball, rivaled only by the team that “hacked” them, the St. Louis Cardinals.  As Deadspin so blithely pointed out, “What makes the St. Louis Cardinals hacking scandal really great, aside from the fact that it involves the St. Louis Cardinals, is that it could not have happened if everyone involved hadn’t acted as stupidly as possible.”

If you’re reading this and aren’t sure about your organization’s IT security practices, maybe now is the time to start asking questions and reduce your risk exposure to avoidable problems. 

Not sure where to get started?  SAI can help.

Wondering what to do if you find yourself having to deal with a data breach? Stand by for our next post from SAI’s CTO Josh Crone.
