A glance at two major IT news items over the past week is enough to make one wonder if large organizations have much control over their networks anymore:     

• A faulty anti-virus update sent out by McAfee Wednesday knocked out thousands of corporate computers around the world, costing businesses untold hours to repair them, not to mention lost sales and productivity.
• Dozens of lawyers, accountants and other employees of the Securities and Exchange Commission bypassed blocking and filtering technologies and spent vast amounts of time looking at pornography sites on their office computers when they were supposed to be helping regulate the crumbling financial system.

Have IT departments relinquished too much power to outside software service providers and to users in recent years? In addition to automatic AV updates and reckless employees, an emerging threat to network control is coming from cloud services. Cloud-based applications are giving business units greater opportunity to procure services independent of the IT department, David Linthicum of InfoWorld reported recently. Increasingly, these "rogue clouds" put business units in control of the relevant data and leave IT out of the loop.

These trends don't bode well for productivity or network security, but perhaps more seriously, they threaten enterprise governance and compliance regimes, in which IT plays an ever-expanding role. State and federal laws regulating how businesses handle their data are growing in number and complexity, and the non-compliance penalties are rising. While some industries, like finance and healthcare, are especially affected, no business dealing with personal data is off the hook. Renegade network activity not only poses a threat to the bottom line, but it also can raise a company's risk of being in violation of a law.

While it may not exactly be the Wild West on most corporate networks yet, it may be time for businesses to take a new look at their access controls and usage policies, and ask whether the IT pros need to assume more power. Is it time to rethink policies allowing users access to social networking sites? Should large enterprises forego automatic anti-virus updates? Are content filtering and website blocking technologies not keeping up with users' abilities to sidestep them? Let me know what you think. - Caron