Mid-market IT leaders explain why security policies fail in practice—and how execution gaps, automation limits, and tooling sprawl create risk.
Table of Contents
Most security policies don’t fail because they’re wrong.
They fail because mid-sized organizations struggle to execute them consistently.
This is especially true for companies in the 200–2,000 employee range—large enough to face real security risk, small enough to avoid heavy security stacks, and often operating with lean IT and security teams.
What Mid-Market IT Leaders Are Seeing in Practice
Over the past year, we’ve spoken with Zenphi’s customers — dozens of IT directors, CISOs, and cybersecurity leads across mid-sized organizations that represent various verticals — like CIT Clinics (healthcare), Metropolis Technologies (IT & services), Kairoi (construction & real estate), Tabby (banking and financial services), Protea Wellness (fitness & wellness), Emerson College (higher education). We also talked to larger enterprise customers that utilize Zenphi mostly for IT Ops automation (Gordon Food Service, Action Behavior Centers, Google itself).
In parallel, the Zenphi team ran live polls during a series of webinars organized in collaboration with The Hacker News in Q2 2025, surveying more than 500 IT professionals responsible for enforcing security policies day to day. We also validated these findings with seasoned cybersecurity practitioners, including Ben King — former Google employee and now cybersecurity consultant.
Across industries and tooling choices, the message was consistent.
Most teams feel confident about their security intent: least-privilege access, controlled exceptions, timely deprovisioning, audit readiness. Where frustration surfaced—repeatedly—was execution.
Policies existed. Tools existed. Enforcement was uneven.
The #1 Automation Solution For Google Workspace Admins
Zenphi is the must-have tool for Google Workspace Admins that enables your team to build granular automations, trigger processes from any event in Google Directory, Group, Workspace itself or Google Audit event, integrate your own scripts — all without the headache of debugging and maintaining code.
The Mid-Market Security Reality: Too Big for Manual, Too Lean for Heavy Stacks
Organizations in the 200–2,000 employee range tend to land in a very specific operating model:
They are large enough to require automation. Yet, small enough to avoid heavyweight security platforms.
What emerges is a hybrid reality:
- Tickets and hand-offs for access changes
- Developer-owned scripts that work until they don’t
- Spreadsheets for tracking exceptions and approvals
- Platform tools like Okta, Microsoft Entra, or BetterCloud for specific SaaS controls
- Some cloud-native enforcement through Google Cloud or AWS identity services
Individually, these tools are useful. Collectively, they create fragmentation.
Why Security Policy Enforcement Breaks Down
In this hybrid model, the weaknesses show up quickly:
- Policy execution varies by system and team
- Exceptions outlive their original justification
- Audit evidence is assembled reactively
- Human latency is introduced at every hand-off
- Context is lost between tools
This is rarely visible on a dashboard. But it is exactly where incidents, audit findings, and internal security failures originate.
The problem isn’t that teams don’t know what to do.
It’s that enforcement depends on too many manual steps and brittle integrations.
Can More Or Better Security Tools Fix Execution Gaps?
When execution gaps appear, the instinct is often to add tooling. Another SaaS. Another script. Another policy.
Over time, this approach creates its own form of brittleness. Automation becomes rigid. Changes require rework. Ownership blurs. Exceptions multiply. Instead of reducing risk, the environment becomes harder to manage and understand.
Recent real-world incidents illustrate this risk vividly. In one reported case, an IT director discovered a junior developer had copied more than 200 customer records — including emails, phone numbers, and purchase history — into ChatGPT to “help debug a SQL query,” without understanding the sensitivity of the data or the implications of sharing it with an external generative AI service. The only reason the exposure was caught was because the director happened to walk by the developer’s screen; there were no alerts, blocks, or automated policy checks in place to flag the behavior.
This example isn’t about poor intentions. It’s about a gap between how a tool is used and how it should be governed and enforced. Additional security or automation tools may generate more logs, more alerts, or more playbooks, but they don’t inherently close execution gaps — especially when new kinds of tooling (like AI assistants) create entirely new vectors for human error and data leakage.
Many teams we spoke with described environments where automation technically existed — but maintaining it consumed as much effort as the manual processes it was intended to replace. At that point, automation stops reducing risk and starts adding operational debt.
The Missing Layer in Mid-Market Security Operations
This is why a different approach becomes necessary. You don’t need a new SIEM, IAM, or SOAR platform. What you need — is an operational automation layer. Solutions like Zenphi won’t replace security tools like Okta, BetterCloud, or cloud-native identity controls (though, Zenphi is successfully used as BetterCloud alternative for employee offboarding and onboarding by many mid-market organizations). Instead, it acts as an operations automation layer that focuses on execution. Zenphi helps teams:
- Execute decisions consistently
- Enforce policies rather than just logging them
- Work directly on top of Google Workspace and Google Cloud
- Produce deterministic, auditable workflows
- Reduce reliance on people for repeatable, security-adjacent tasks
This complements existing security tooling by making enforcement reliable.
Where Operational Automation Delivers Real Security Value
From what we see, for mid-sized organizations, the highest-impact use cases tend to be:
User access lifecycle enforcement (onboarding and offboarding in Google Workspace)
Policy exception gating and approval workflows
Automated documentation and audit evidence collection
Consistent execution of policy-driven actions
Connecting security and IT tools without custom code
This creates a pragmatic operating model that reflects reality:
People + security tools + operational automation workflows
Not a heavy SOC.
Not manual enforcement.
But consistent execution where it matters most.
What This Means for Mid-Market Security in 2026
As highlighted in the Cybersecurity Forecast 2026, attackers increasingly exploit operational gaps rather than missing controls. AI-driven activity, identity sprawl, and faster attack cycles amplify the cost of inconsistency.
For mid-sized organizations, resilience will not come from adding more tools. It will come from reducing execution variance—by enforcing decisions quickly, predictably, and with clear accountability.
Security doesn’t fail because teams don’t care.
It fails where execution can’t keep up.
Want to explore this further?
Download The Google Cloud Cybersecurity Forecast-2026
Dive deeper into how operational weaknesses are being exploited—and what organizations need to prepare for next.
Vahid Taslimi, CEO @Zenphi
Vahid Taslimi is the CEO and Head of Product at Zenphi. Previously, he served as Vice President of Product at Nintex, and a Solution Architect at Emirates. His perspective is shaped by years of building automation platforms and deploying them inside large, real-world organizations—where execution, governance, and operational reliability matter as much as innovation.
