Policies and policy enforcement are only as effective as the education that goes along with them. When policies appear arbitrary and capricious, you can bet the average well-meaning user will skirt them--often with the enterprise's best interest at heart. And therein lies an important fact that virtually every one of my crazed letter-writing "fans" seems to have missed: Your users want the same thing you do--they want the enterprise to succeed through their good works. So if the sales team in Cleveland starts using Yahoo Messenger to communicate with a support team in Atlanta, perhaps IT's first move shouldn't be to slap them down for finding ways to advance the company's cause.
IT often makes the mistake of thinking it must support every application used by any employee. Again, that's a fundamentally flawed proposition. If your users have access to the Internet, clearly they're using loads of applications about which IT has no knowledge. However, the fact that those apps are delivered in a browser seems to make all the difference in the world.
Perhaps IT's goal should be to offer a safe environment in which users can run Windows-based applications with no more oversight than that required for browser-based apps. Perhaps the goal should be to apply the same sort of defense strategy to the desktop that we apply to the browser. Couldn't there be a way to protect enterprise applications from end-user apps--say, through virtualization? And maybe, just maybe, if you educate your users about what makes a safe application and what doesn't, they'll help you out. Just as most corporate Web users know enough to stay away from shady Web sites, I'll bet with your support, your users will figure out which applications are safe and which are not. Art Wittmann is editor in chief of Network Computing. Write to him at firstname.lastname@example.org.