The key to striking the balance between blocking social networking altogether and giving end users free reign is strong, clear policy. But it's not just about telling users what they can't do.

Social networking tools are being widely embraced by organizations of all kinds for their ability to increase collaboration and brand awareness, as well as to drive down costs. What hasn't been as widely embraced is the need for policy around the use of social networking in the workplace.

"I'm not hearing about it at all," said Heinan Landa, CEO of strategic technology consulting firm Optimal Networks. "Just to put it in perspective, while there is a vague interest when you mention it, no one has engaged us on it. My gut is that companies are way behind on this."

Landa said he attributes this to the fact that companies--especially B2B companies--are in the relatively early days of implementing social networking and marketing efforts and haven't looked at the ramifications of not having a social media policy in place.

Those ramifications can include lack of protection should something go wrong. Indeed, Landa said, companies should implement social media policy for the same reason they implement acceptable use policy for company equipment: "From a corporate point of view, you want to protect your company from any possible lawsuits, from inappropriate or damaging information dissemination, etc."

Policy should be developed to provide protection, agree experts, but it should also work to encourage employees to participate in social networking and to educate them about doing so in a safe, appropriate way.

"A properly designed social media policy outlines what can't be done and states what should be done from a legal perspective to protect the company's assets," said Jake Wengroff, global director of social media strategy and research at Frost & Sullivan. "But it also does the opposite, which is to promote and encourage and motivate employees to actually pursue social media. I think that's a piece of the puzzle a lot of people don't realize."

Frost & Sullivan has recently completed research on organizations' social networking policies. The research, which is due to be published later this year, found that the majority of companies allow access to social media, at least to some employees. The study also found that the larger a company is, the more likely it is to have implemented some sort of social networking policy.

IBM counts among its employees more than 25,000 on Twitter, about 300,000 on LinkedIn and almost 200,000 on Facebook. The company introduced social computing guidelines in 2008.

Ethan McCarty is IBM's director of digital and social strategy and co-author of the company's social computing guidelines. He said the company has identified from the early days of the Internet how important it is to strike a balance between progressiveness and protections.

"We made some good choices as a company as far as managing the opportunity and the risk," said McCarty. "As these publishing tools and interaction tools were becoming more and more ubiquitous, one of the things that happened was we decided as a company to embrace it in the spirit of innovation and exploration and seeing the potential in it. One of the things we needed to do, though, was provide the company with some protections in this space, and provide individual employees with permission, protections and guidance on how to do this stuff."

IBM's social computing policies--which grew out of a document outlining blogging guidelines--were written by a group of about 250 people who were selected for their know-how and participation in social networking. McCarty said the document--which involved "a lot of back and forth and some really great, spirited debate"--took only a few weeks of work and required very few changes after being vetted by the human resources, legal and other departments.

That's just the way it should work, said Heinan, who added that social computing policy should be part and parcel of other policy at any organization: "To me, it's something that does not take a lot of time and should be a very natural addition to the human resources employee handbook and should just be another policy tagged on to the computer policy, equipment policy, the mobile phone policy, those sorts of things."

That's not to say that social networking policy should be stuck in a binder somewhere, never to be updated. The nature of social networking demands strong and clear but flexible policy. McCarty said IBM's social networking guidelines are a "living document," and a guide to developing social networking policy available at Optimal Networks' site recommends choosing your words carefully--"think 'should' and 'should not' vs. 'can' and cannot.'"

What is your organization's experience with social computing policy? The BrainYard will continue to examine the role of policy when it comes to social networking in the enterprise, including which stakeholders should be involved in developing such policy and how to go about creating it.

Automation and orchestration technologies can make IT more efficient and better able to serve the business by streamlining common tasks and speeding service delivery. In this report, we outline the potential snags and share strategies and best practices to ensure successful implementation. Download our report here. (Free registration required.)