Most large (and some mid) companies employ a SmartCard of some kind for access to the building. Adding a smart card with a chip then help authenticate getting into the building and (with certs on the chip/card) auth the user onto the network and provide for digital signatures and encryption. Most companies also have a policy governing levels of protected information and how it is shared. There is a bit of 'heavy lifting' as far as implementation and it would come down to how much risk is acceptable. I have worked in both environments and hybrids in-between. SmartCard logon as building ID is the smoothest and easiest for the user as well since a single PIN is needed with the SmartCard. With most people familiar with Bank ATMs, this should be a no brain-er