In the midst of those prosperous and sleepless years, Johanna sensed she was reaching the limits of what this path could provide, and that boundary made her eager for fresh challenges. Like every successful entrepreneur preceding her, Johanna thought about (albeit somewhat reluctantly) charting a course entirely of her own making. “My professional career was in a great place, but I was looking for additional growth. I was petrified to claim the opportunity but decided to roll the dice,” she recalls. So, in 2005, Johanna founded Strategic Security Solutions (S3) as an independent endeavor, without any partners, employees, or funding, and with just one client. “Although I started by myself, I had a vision for what I wanted S3 to eventually become,” adds Johanna.
That vision was for S3 to transform from a service provider of SAP Basis, SAP Security, and Application Security, into a strategic consultancy covering all aspects of accounting, auditing, enterprise governance risk and compliance (eGRC), and identity governance and administration (IGA).
At the core of Johanna’s vision is a people-first culture driven by four core values: transparency, integrity, intellectual curiosity, and collaboration. “Although I enjoyed my time working for large solution integrators such as Ernst & Young and Capgemini, I wanted to create a boutique environment where employees were empowered to be innovative, curious, and find the optimal work-life balance,” says Johanna.
Today, S3 employs its diverse team of accountants, auditors, technology experts, and sales professionals as “a competitive advantage” in delivering topnotch information security consulting services to an esteemed clientele including The Coca- Cola Company, Honda, TreeHouse Foods, Kohl’s, and Bain Capital. Johanna adds, “Besides our advantages on the technological front, our biggest strength is our collaborative spirit. In a space where it is all about identity and technology, we unite our team, our client’s team, and several vendor teams, to deploy a people-first holistic solution spanning the entirety of the solution lifecycle.”
Evolving with the New Dynamics of IGA
Since its inception, S3 has forged strong ties with leading technology vendors and implemented a vast breadth of solutions including the entire SAP suite, multiple eGRC and risk tools, adaptive authentication solutions, and IGA tools and solutions. Team S3 takes a tool agnostic approach to assess and provide customized solutions to meet a client’s short and long-term needs.
S3 relies on its intrinsic collaborative spirit to execute technology implementations and durable Identity Governance and Administration (IGA) services. Since IGA initiatives are pervasive, and require committed client engagement across the enterprise, S3 goes out of its way to partner with customers to deliver services that stand the test of time. “Using traditional implementation techniques, it is difficult to show quick wins within just a few months of engagement. Our strength lies in our innovative approach and collaboration through the IGA journey by helping our clients achieve incremental wins and sustainable long-term results,” explains Johanna, before adding that unlike some of its competitors, S3 does not “implement technologies and escape the scene.”
Governance is a constantly evolving endeavor with every high profile data breach bringing a new round of reactionary laws and compliance regulations, left largely open to interpretation. A key differentiator of S3 is its deep-rooted knowledge of the evolution of enterprise governance.
As the labor market continues to shrink, we must identify the next generation of tech resources that have interest in the field of governance and identity
When S3 launched in 2005, governance initiatives in most corporations did not include processes to govern identities, HIPAA was a long standing veteran in the compliance world and PCI had just been unveiled. Even the most progressive firms of the time considered identity governance merely as “an audit tool” and not an integrated solution that could demonstrate long term value. Over the years, enterprise governance has evolved to a point where identity is a focus as seen in the numerous privacy laws such as GDPR and CCPA. Today, organizations must protect their data, resources, physical and informational assets, and automate critical regulatory and operational activities. Compliance is no longer a ‘check box’ activity as organizations are being required to show their work in order to demonstrate sound data stewardship practices.
So, how exactly does S3 go about determining a solution most appropriate for a client?
Tactical Plans for Long Term Business Goals
Every S3 engagement begins with an assessment to examine the client’s unique policies, procedures, internal organization, and application portfolio to identify specific areas of strength and risk. Engagement managers then partner with the client to develop their IGA vision, long-term strategy, and to develop a tactical technology roadmap to achieve that vision over time. “Even before the technology, we demonstrate value by designing the IGA strategy and organizational framework for its success. This is critical since the program must align to a client’s business goals and directly support their financial targets. It must scale for the future,” informs Johanna.
Developing deep knowledge of the organization, independent of the technology, is crucial for S3 to provide insights that help its clients develop the internal talent required to sustain the technology solutions, and grow the platform.
“When you implement a governance program, you need human resources to keep the solution up-and-running. However, there aren’t enough available resources. We solve this pain point by offering technology solutions that suit a particular company’s resource pool,” says Johanna. S3 actively partners with its clients to support emerging talent in the organization to ensure success of its IGA program in the long term.
Once a client’s current state, future vision, and roadmap are defined, S3 partners with the client to determine the appropriate technology solutions. These may involve on-premise or cloud based technologies.
The technology deployment is “the easy part,” according to Johanna, since the steps that precede it are more critical to a successful IGA program. “While most IT teams are more worried about the technology implementation, the operational aspects are critical to help organizations minimize their risks effectively and compliant in the long term. We have always abided by this strategy.”
S3 strives for a holistic approach that “cuts across all the services,” and includes a number of technology implementations. “We don’t offer cookie cutter solutions, and believe in total flexibility, delivering the services the way our clients need to receive them,” adds Johanna.
In focusing on the unique needs of the client, S3 crafts solutions that bring true value through effectively partnering with technology vendors and its clients. Says Carrie Bender, Manager, IAM Delivery, “other companies sell what they want to offer even if it’s not the best solution for the customers. For us, selling a solution is not a mere business transaction. It is the practice of bringing true, sustainable value to clients.”
Regardless of the service rendered, S3 strives to “keep each deployment lifecycle short,” with well-defined KPIs and metrics that demonstrate value to a client soon after go-live. “Once a client sees the value in transitioning from a manual procedure to an automated one, they return to integrate additional applications or implement more functionality,” explains Johanna. S3 offers post-deployment support through enhancements and is constantly looking for ways to help the client realize their return on investment.
A recent engagement with a retail giant confirms that S3’s approach brings results. Before approaching S3, this client struggled with managing access for their extensive, geographically disbursed, and diverse workforce. To compensate, they increased their IT footprint, however the additional technology served as a band-aid, and not a long term solution.
S3 stepped in and after a full assessment, successfully deployed IdentityNow, SailPoint’s IDaaS solution, and significantly reduced the client’s turnaround time to onboard and offboard its distributed workforce. “It was a great experience for us to walk the client through their business problems, highlight the core source of the issues, and find the appropriate solution,” recounts Johanna.
"We don’t offer cookie cutter solutions, and believe in total flexibility, delivering the services the way our clients need to receive them"
This success story is one of many that S3 has engineered for clients across industries—ranging from healthcare, automotive, retail, and manufacturing. In recent years, S3 has sunk its teeth into other highly-regulated industries such as financial services and higher education. Johanna elaborates, “historically, our clients have had a broad SAP footprint, and our technology background and IGA integration depth in that space really helps in that regard. However, we support a vast array of non-SAP customers as well.”
Empowering Women as a Core Competency
To Johanna, empowering women in the technology market is a critical competency of the firm in which she takes the most pride. S3’s myriad of flexible work policies and accountability culture support women who wish to return to a technology career that they may have opted to leave due to the challenge of managing it alongside managing a growing family.
“A lot of women have tremendous skills to offer but either gave up or paused their careers for their families. It’s important for us to buck that trend.”
Offering experienced women a family-friendly alternative to return to the workforce is only one arm of S3’s staffing strategy. Johanna maintains that a continued focus on identifying new talent through university outreach programs is also critical to the firm’s success. “As the labor market continues to shrink, we must identify the next generation of tech resources that have interest in the field of governance and identity,” adds Johanna.
As the threat landscape evolves, Identity and Data Security are an organization’s first and last line of defense in preventing accidental or improper disclosure of sensitive data. S3 will continue to evaluate the available tools and services required to deliver best-in-class solutions to its clients. S3 will keep close tabs on the impact of disruptive new technologies such as machine learning and AI on IGA and eGRC. Already sitting on the advisory board of several technology companies and an ally of Gartner, S3 is closely aligned with a few private equity companies that introduce new advancements. Johanna says, “We believe self-sovereign identity, AI, and connected cities will play a crucial role in advancing the next level of Identity Governance requirements.” S3 is excited about this revolution and driving the deployment of rapidly advancing technology.