That technology isn’t always affordable for midmarket companies, which typically have $50 million to $1 billion in annual revenue and anywhere from 100 to 5,000 employees.
For that reason, midsized IT departments are making the most of network access controls (NAC) offered by their technology infrastructure providers, including Microsoft and Cisco Systems Inc. Those companies recently unveiled plans for more interoperability between their network access control technologies.
Meanwhile, security vendors are trying to entice the midmarket with cheaper authentication tools that are more scalable for growing companies. Mid-sized companies have some unique challenges when it comes to ensuring users are who they say they are and that network access is limited to what their jobs require.
But no matter how good the technological controls are, industry experts agree that midmarket IT professionals won’t be successful at ID and access management unless they educate their users on smart computing habits and convince their bosses of the importance of security.
“Midsized customers are telling us they want smart cards, tokens and two-factor authentication, but they want the benefits without the cost,” said Greg Wood, BioPassword’s VP and CTO.
Overcoming cultural challenges No matter how good their identity and access management technology is, midmarket IT managers won’t be successful unless they have the support of top executives and everyone obeys the written security policies, said Jonathan Penn, an analyst with Cambridge, Mass.-based Forrester Research.
Penn said it’s up to IT professionals to help their bosses understand what’s at stake. “What works is when IT professionals talk about this in terms of risk,” Penn said.
Scalability is certainly a factor for Keith Gosselin, IT officer for Biddeford Savings Bank in Biddeford, Maine. With 72 employees and $12 million in revenue last year, the bank doesn’t fit the criteria of a midmarket company. But the company hopes to grow in the next three to five years, Gosselin said, by opening new branch offices and attracting new customers. Beyond that, Gosselin shares the view of many security professionals that companies large and small can no longer afford to carry on with basic passwords.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1222601,00.html