How Suzy governs access to its expanding IT infrastructure using ConductorOne

An up and coming market research firm

Suzy is a consumer intelligence platform that brings data, analyses, and high-quality audiences together to help companies make better, data-driven decisions. Since its founding in 2018, the company has experienced remarkable growth, serving more than 400 customers across 22 different industries, including notable brands like Twilio, Shopify, and ServiceNow. In 2021, Suzy announced that it raised $50 million in Series D funding and surpassed $25 million in ARR.

Meet Ray Mowatt, IT Operations Manager at Suzy

This rapid growth meant that Suzy’s IT team has its hands full. The team is responsible for ensuring Suzy’s workforce has access to the technologies they need to do their jobs successfully and efficiently while maintaining security and compliance. 

Ray Mowatt joined the company in January 2021, reporting directly to Suzy’s SVP of IT and Security. At the time, Suzy’s IT team was focused on onboarding employees and applications as rapidly as possible. In addition to owning Suzy’s central help desk and IT workflows, Ray was also tasked with conducting security reviews for compliance.

Time-intensive audits to govern an expanding ecosystem

As Suzy’s workforce and technology ecosystem grew, the company increasingly relied on periodic user access reviews to reduce the risk of privilege abuse and maintain compliance with ISO 27001 and SOC 2 requirements. “The more apps you onboard, the more insecure you can potentially become,” Ray says. “We’re constantly in audits to make sure that Suzy is as secure as possible from an IT and security perspective.”

User access reviews were becoming increasingly difficult to manage, requiring IT to go through individual applications to pull all of the necessary user data. With 50+ in-scope applications, the labor-intensive process took up to two weeks every quarter.

ConductorOne’s extensibility and suite of integrations impress

Ray saw an opportunity to get time back for IT to tackle projects that would help Suzy achieve its business objectives. “Onboarding and setting up new technologies, training users – these projects that improve collaboration and communication should be the priority in the queue,” Ray says. “Spending hours going through every app to figure out who can access what is not ideal.”

“We were drawn to ConductorOne because of its user-friendly interface and its integrations,” Ray shares. “The growing list of integrations was especially appealing to us. Plus, being able to import data through CSVs for back office tools.”

A major productivity and security win

When Suzy purchased ConductorOne’s Access Reviews product in August 2022, Ray began revamping the company’s review process. During onboarding, ConductorOne’s usability shone. “It’s easy to use, which makes me want to spend more time in the application,” says Ray. User lists and roles for in-scope applications are easily pulled into the ConductorOne dashboard, and reviewer notifications and reminders are automated. 

Setting up new integrations can be done within 30 minutes, allowing Ray to move on to the next task quickly. “Everything is lined up – the data and reporting can be passed to leadership and auditors. It’s available for evidence in the future,” Ray says. “And the support is amazing. Honestly, the support is the best part.” 

More recently, Ray extended ConductorOne access to Suzy’s GRC team. “Getting that visibility into user access and the automated reporting is huge,” says Ray. “The report export is fire. It’s well-organized. It’s a good sign when auditors come back to you and say, ‘Can you do this exact same report but for this other quarter?’ We get to have that consistency.”

With ConductorOne’s automated workflows and suite of integrations, Ray streamlined Suzy’s quarterly user access reviews. The process to prepare and launch reviews – which previously took two weeks – can now be completed in two days. “We can point to ConductorOne and show offboardings – show that access went from active to inactive, all in one place,” says Ray. “It gets us better security from controlling access when combined with our IdP, and more productivity from the time savings for satisfying evidence requests.”

Suzy streamlines processes to power innovation

Today, Ray and Suzy’s IT team can focus on projects that propel the business forward. “Our goal is to automate as many processes as possible so we can spend more time partnering with other teams on larger initiatives or improving workplace technology,” Ray says. “Instead of worrying about the backlog of individual tickets for access reviews.”

For Suzy, having ConductorOne onboard means being able to scale its IT infrastructure securely and efficiently. “As far as the benefits we’ve seen so far in time savings and productivity, ConductorOne really doesn’t have a peer,” says Ray. “It’s been wonderful.”