Your employees might be blogging right now, as you read this. Or visiting a wiki site, checking out MySpace or sending instant messages. Best case? Your bright, tech-savvy employees are creating and collaborating.

Worst case? Those same employees are unleashing company secrets or damaging your business's reputation. It's a conundrum that pits IT security managers and their instinct to protect information against companies' desire to take full advantage of the newest technologies and attract the best technical minds.

Not surprisingly, response to web 2.0 is as varied as companies themselves. Financial services firms, banks and other businesses in highly regulated industries tend to ban such online activities outright; others swing the other way, with few restrictions and light oversight.

But, alas, most companies fall somewhere in the sticky middle – trying their best to restrict activities that expose them to undue risk while letting their employees experience the full creative benefits of the web 2.0 world.

Many organisations are now figuring out how to develop these custom-fit rules. Our exclusive survey of IT executives shows that just over half have already made that first effort, implementing policies to regulate employees' use of social and networking sites and instant messaging. And of those companies that do have policies in place, 76% prohibit those activities altogether.

Are total bans the right approach? For some, yes, and for others, no. In the following pages, you'll read stories about companies that have wrestled with that question and, in the process, figured out the policy that works best for them. And as these companies know, it's not just about applying a technology fix; a big part of the answer is effectively communicating those policies to employees.

In the end, as surely as you have employees, you have web 2.0 security concerns. There's no ignoring the issues, and there's no boilerplate for addressing them, either. But we hope you'll draw a few policy ideas from the experiences of the organisations profiled in this issue.

Because as Michael Miller, Global Crossing's vice president of security, says, "If you spend all your time blocking it, people will find ways around it."