Altius Information Technologies is aiming upstream and has retooled its existing risk assessment offerings to target midmarket firms with between 100 to 1,000 employees.
The vendor has previously focused its AssessIT Risk Assessment services on smaller companies. The services focus on basic building blocks, such as anti-virus, tape backup and other basic levels of protection.
However, Jim Kelton, president of the Santa Ana, Calif.-based company, said smaller companies don’t have the same pressures, or are held to the same standards, as companies with revenue between $80 million and $200 million.
“We found that companies of this size have bigger challenges because they may have large clients that may be mandated to comply with Sarbanes-Oxley or other initiatives and that is pushing large company requirements down to these companies,” Kelton said.
To address the needs of these companies, Altius IT has developed a suite of turnkey solutions that analyze risk in the areas of technology systems, people and processes/procedures.
“Any one of these areas can create risks for an organization, so we deal with all of them,” Kelton said. “A company can have a password policy on the server that says passwords will expire every 30 days, for example, but if people are writing down passwords on Post-It notes, they are still at risk.”
The first step in the risk assessment is determining how well the company’s executives understand their business processes. “That’s important, because customers want IT expenditures to be allocated to critical business processes instead of spread across the board,” Kelton said.
Once the risks are identified, the assessment moves to evaluating the controls the company has put in place to manage the risk.
Although the market for providing risk assessment to companies of all types and sizes is a crowded one, research has found that the midmarket space is still ripe for solutions.
A 2005 Forrester Research study found that larger companies in the SMB space were much more likely to purchase IT security assessment planning and consulting services than smaller companies. What’s more, Forrester found that many companies simply don’t have good enough measurement and reporting capabilities, perhaps creating an opening for companies such as Altius IT.
Pricing for the Altius offering varies with the scope of the project, but starts at about $10,000.
Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK’s Security Watch blog.