Asking a CIO to decide whether or not to allow social network access in an enterprise was akin to asking the CIO whether or not a business should engage in advertising, he said.
Mr Walls said that quite often social network blocking was implemented by CIOs 'for non-security reasons - to protect staff productivity.' He described this as a 'magpie approach', with CIOs arguing that if they 'take away the bright shiny things people will work.'
'That's not management, that's hope,' said Mr Walls. Staff productivity was an issue for HR departments rather than CIOs, he said.
Speaking during Gartner's Symposium, which is being held in Sydney this week, Mr Walls said that the technology landscape was being shaped by trends such as social networking and cloud computing, which demanded a fresh approach to computer security. He said that it was important to rely not simply on technology solutions, but also to tackle processes and behaviours to ensure a more holistic approach to security.
'Australian clients are struggling with this. There is a higher percentage blocking access to social networks than in the US and Europe,' he said.
'We have seen a gradual decay of blocking - but still there are more than 50 per cent of organisations which actively block access to external services.'
Even with official blocks, employees would be able to access social networks and external services using their own connected devices, and organisations needed to prepare for the additional organisational transparency that this generated, he warned. 'This is a challenge especially for government - if a problem becomes transparent.'
Mr Walls acknowledged that the issue of national security with regard to computing and information infrastructure was 'especially problematic.'
He said that Australia seemed to be in a 'somewhat confusing state.' While the Government had clearly identified domestic communications infrastructure as an important national asset, he said that the Federal Attorney General's department had made it clear that organisations could not expect Government support if they were attacked via that infrastructure unless they were a provider of critical infrastructure.
'This needs a concerted common vision about who detects attacks, who repels attacks and who is allowed to go on the offensive,' said Mr Walls. He said that there was a need for nations to develop a proactive defensive capability, although it remained unclear who should actually be responsible for such activity given that many defence organisations were staffed by civilian IT personnel.
'This is heavily nuanced. This sector is heavily populated by civilian contractors. Can you go on the offensive, or do you need to be a uniformed member of the defence force?' said Mr Walls.
It was also important for Governments to consider finer points such as when a computer-based attack represented a crime, and at what stage it should be considered to constitute an act of war. 'These are very murky areas,' he acknowledged.