Some security managers feeling pressure to ease up on security

Written by Dan Blacharski on May 27, 2009

In a recent survey of IT managers, 86 percent of respondents indicated that they were under pressure from executives, the marketing department and the sales department to ease up on security policies.

The survey isn’t really a big surprise; IT security people have always been a little at odds with the rest of the enterprise, and the survey just confirms it. Knowledge by consensus, or more accurately, knowledge by mob rule, is trendy today, with the underlying philosophy being that if enough people get together and agree on something, then it must be so. But this is faulty logic, of course. At one time, all the scientists that mattered thought that the world was flat and the sun revolved around the earth, too. The point is, security guys have to stand firm and not give in to mob demands. Giving in would be disastrous.

The survey indicated an overwhelming desire by non-IT people to enjoy relaxed policies regarding access to Web-based apps and social networking sites, as well as Web-based email. It is possible to impose inbound and outbound content protection to mitigate the risks inherent in Web-based apps, and I’ve long been a proponent of Web-based collaboration tools, since I work from my home office. However, social networking sites have become more commonly used as platforms for phishing attacks, which calls for greater education. And Web-based email like Hotmail or Gmail just doesn’t have any place in the enterprise at all.
