Some 84 percent of organizations in the U.S. are allowing their employees to use consumer-focused IT products and services such as iPads, iPhones, Facebook, Twitter and instant messaging, according to a new survey by Proofpoint and Osterman Research.

To mitigate the risks associated with these technologies, organizations are moving away from a "trust-only" approach and deploying three-layer security and compliance strategies that include a combination of trust, policy and technology, the study says.

Also see "Ready or not, they're already in your enterprise"

The online survey of 632 IT, security and business professionals at businesses and government agencies, conducted in May 2011, shows that about half (51 percent) of respondents use a combination of all three layers of security. Only 12 percent rely solely on employees' "good judgment" for defense against security vulnerabilities.

Consumerized IT in the workplace is a "fact of life" and organizations recognize that they must act to integrate it in a secure and compliant manner," says Michael Osterman, principal of Osterman Research. While trust will always be a key part of any security and compliance strategy, Osterman says, it's encouraging to see that half the organizations surveyed are aware that trust alone will not provide effective defense.

A minority of the organizations queried as part of the 2011 Consumerized IT Security Survey (16 percent) say they do not allow employees to use consumer technologies in the workplace. Of these, 64 percent suspect that employees are using consumerized IT regardless of any policies against it.

Organizations that have no control over unauthorized use of technologies on their networks are in "serious peril," says David Knight, executive vice president of product management and marketing at Proofpoint. Sooner or later an unprotected device, social media site or IM platform will provide unauthorized access to regulated information, he says.

Read more about network security in CSOonline's Network Security section.