CIO Magazine has a interesting article about Douglas Merrill, the CIO of Google. One of the things he dicusses in the article is that if someone can be 10% more efficient by using a Mac, he let's them use the Mac. He goes on to talk about rather than trying to provide security based on a standard platform, he has taken a more holistic and defense in depth approach that recognizes that many of their workers will be using wireless and probably working remotely as well.
I like the idea, not sure I'd enjoy the implementation, unless maybe I was at Google and had the bucks to spend to do it. Most companies like to run at least all Windows, and it's not uncommon for them to try to run the exact same models of desktops & laptops to make imaging new machines dirt simple. Most network guys - as a stereotype which may or may not be fair - believe in giving users as a little access to their machine, information, etc, as possible - no access, no problems! I think the open environment is he building at Google is great for knowledge workers, and maybe even great for the support staff, but is it affordable and doable for the average company? I see some companies that are in lock down mode, others that just put up wireless and hope for the best, few that seem to have the vision and resources of Google. Of course, I'm assuming it takes resources when maybe it just takes having the idea, and from there you just allocate resources differently. I'd like to think it would work that way!
But the real point for me is that as IT professionals we just have to provide a more open environment without sacrificing security. That means letting users build their own reports, post their own web content, and yes, maybe even write their own queries sometimes. Part of our job is to mitigate risk, not remove it by just not letting users do the work that needs to be done. It means letting go of the fear that 'something might go wrong'. Yes, something might go wrong, and when it does we'll fix it and learn from it, but we can't react out of fear ('that user written query killed performance, so no more user written queries'). Think about it the next time something goes wrong!