[sethist]

This is an oversimplification and the type of thinking that gets IT labeled as nothing more than a business cost center. IT shouldn't just be limited to preventing downtime and making sure things continue to work. It should also be focused on making employees more productive. You might say allowing Chrome cost the company $6 million due to downtime, but are you factoring in the potential losses from having a more draconian IT policy. For example, how much more productive would employees be if they could automate part of their normal workload with a good browser extension or how does a more employee focused IT policy alter employee moral and in turn employee retention?

[Silhouette]

Of course I was oversimplifying, and of course any good IT department recognises that that its job is to help other people do theirs. I did start by acknowledging joelthelion's point, and I have no problem with the idea that someone who has a genuine business need to do something outside the normal rules should be able to request a reasonable exception to whatever general policies might apply.

However, you need an awful lot of indirect benefit to make up for one screw-up that breaches corporate security, particularly if you work in a regulated industry like healthcare or finance. Lawyers and industry regulators don't care about any goodwill you got from letting Bob bring his own laptop to work if Bob's laptop was subsequently left on a train opening access to thousands of customers' medical records or credit card details. You could probably have fired Bob and hired an entire team of other people who didn't care about using their own laptop with the money you're instead paying as a fine for that one, though perhaps not so much if the business collapses due to the adverse PR and an executive or two gets thrown in jail for negligence.