Power users\u201d can be demanding pains in the butt. And tech-savvy managers may be relentless thorns in your side. But the employees with the greatest potential to make your enterprise life a seething hell of killer viruses, data loss, network disruptions, compromised security and contempt for your professional competence are the \u201cordinary\u201d folks who think their technologies belong on your network (see \u201cConsumer Appeal,\u201d Page 63).They care not that Skype is a terrific vector for viruses or that a MySpace account will prove to be an information sieve or that making the company\u2019s uber-customized \u201csales-force automation\u201d system run on their BlackBerrys will take months of programming.They don\u2019t think twice about using 1-gig memory sticks to back up customer data and then losing the sticks on a trip. Maybe, in the interests of good supplier or customer relationships they\u2019ll put a behind-the-firewall link on del.icio.us to help answer a question or two\u2014and then call your people screaming that you\u2019ve made them look bad because it\u2019s inaccessible.Employees just suck, don\u2019t they? It\u2019s bad enough that they don\u2019t read the documentation, follow the rules or make even a minimal effort to get the most they can out of internal IT systems. Now they\u2019re bringing every consumer electronics gizmo they\u2019ve purchased, website they\u2019ve accessed and IM account they\u2019ve set up into the enterprise, and they expect you to support them. Just what do they think they\u2019re doing?The answer to that question is the reason the surging challenge of consumer technologies will get worse before it gets better and why the problem can\u2014at best\u2014be managed and not solved.An emerging majority of employees honestly believe that the technology they use outside the organization is superior to the technology they use inside the enterprise. They feel they\u2019re getting a swifter and more valuable user experience interacting with eBay than with your supply chain software; Google\u2019s better than your DBMS; Skype beats your phone system; and AOL wins because you don\u2019t allow IM or \u201cbuddy lists.\u201dWhat\u2019s more, the savvier employees with teenagers look at MySpace and Facebook and wonder why IT isn\u2019t adapting those kinds of social networking genres for project management and hiring systems. They wonder why they get better, faster, cheaper or free software services outside the firewall. They think you\u2019re too slow, cautious, unmotivated. They think you suck. If they like you, they simply think you\u2019re too busy.So that\u2019s their excuse for bringing external technologies and services into the enterprise: You can\u2019t and\/or you won\u2019t.Further complicating this dynamic is the reality that most of your better employees now take their work home and on the road. Companies have (successfully) used IT to both blur and dissolve the lines between the office and the home. Well, two can play at that game. Employees once dependent on enterprise software to finish a project over the weekend now want to be able to integrate software and services from websites you might not like or trust. Too bad for you.Historically, IT\u2019s response to technical insubordination is prohibition: Employees are forbidden from using Skype, IM, personal e-mail accounts and so on. I remember that in the 1980s, more than a few Fortune 500 IT shops didn\u2019t allow personal computers. In the 1990s, corporate IT tried to stamp out unauthorized local networks that various workgroups had set up for themselves because IT hadn\u2019t gotten around to supporting them. No wonder IT got a reputation as \u201cuser hostile.\u201dGuess what? Last millennium\u2019s authoritarian\/totalitarian IT enterprise culture approach to innovation imports can\u2019t work. Declaring war on external technologies turns your employees into innovation insurgents and \u201cGoogle guerrillas.\u201d You are defining them as enemies, and enemies have little interest in cooperation and collaboration. No\u2014they\u2019re interested in figuring out workarounds and countermeasures.They\u2019re not doing this out of spite; they\u2019re doing it because using these tools and technologies makes their work lives easier, better and more productive. Do employees occasionally and, yes, inappropriately use these sites and technologies for personal use\u2014booking travel, buying products, sending personal messages? Of course. Then again, they\u2019re also doing work at home and during personal time while on the road. Does IT really want to be Big Brother, Supernanny and Techno-enforcer all in one? As the CIO, is that the \u201cemployee empowerment\u201d brand you want for IT?Enormous reservoirs of time, money, resources and hostility are consumed in this losing battle to define what employees cannot or should not use. Don\u2019t do it. People will use IM whether you like it or not. People will use their cell phones to access proprietary databases. The core concern is that some of these behaviors are far riskier than others. IT\u2019s traditional role of identifying such risks in order to eliminate them is no longer sustainable\u2014not when the quality of external options is so often superior to the quality of internal service.There is no cost-effective \u201csolution\u201d to this challenge; there is, however, a constructive approach. Don\u2019t compete; don\u2019t combat; co-opt. Organize advisory groups of employees who flout your rules on external innovation and relentlessly get their input on how helpful you should be. The purpose is not to cater to their whims or get them to like you better. It\u2019s to exchange ideas and insights around risk. It is not your job to eliminate risk; it\u2019s your job to manage it.You and your folks (should) know way more about the technical risks of these technologies than your employees. How well do you communicate and explain risk scenarios? To what extent do your employees appreciate that there are often very simple, easy things they can do to dramatically reduce their individual and your institutional exposure to risk?It\u2019s foolish and counterproductive to let IT\u2019s and Legal\u2019s \u201celiminationist\u201d policies get in the way of good risk management. And it undermines relations with employees when you introduce new systems and services.How well CIOs and IT should leverage external innovation to amplify core IT processes deserves future discussion. But for now, CIOs need to turn their shops away from declaring war on their digital subversives and instead invite them to better understand the nature of enterprise risk. These people are using these technologies because they\u2019re smart, not because they\u2019re stupid. They\u2019re smart enough to understand the difference between risk elimination and risk management too.