"The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support."
I understand the pressure from users but security should trump usability every time. No serious financial institution allows employees work access to the internet or personal emails or removable media. Your boss should treat other peoples most intimate data they way they treat our money. Provide terminals with no soundcards or USB or CDs to access the internet, unconnected to the local network, for people to browse their out of work nonsense.