Todd Towles has been around the block enough times to know that regardless of a company’s size, IT administrators must always authenticate users and keep tight control of their network behavior. Otherwise, malicious people will have little trouble stealing sensitive information, which can all too easily be used to destroy the company’s reputation or commit identity fraud against customers. Towles is an IT security consultant who today works for a large financial enterprise, but most recently worked for a retail chain closer to the midmarket with about $2 billion in annual revenue and 12,000 or so employees. In both environments, he said, IT managers must always reevaluate the resources that users are able to access. But global enterprises have more money to spend on controls like two-factor authentication, smart cards and tokens.