Ran across an old document today at work. When SPI was purchased by HP a little over a year ago, my boss had me compose a memo about why we needed completely unfiltered internet access. HP IT doesn't like us very much...
The main problem with unfiltered/unproxied access is logging/accountability. Passive URL monitoring via the IDS devices takes care of web logging and as long as the hosts are static/reserved DHCP and authenticated, there's your accountability too. Since you won't be getting authenticated proxy logs, you'll have to correlate auth and access logs.
It's a bit more work to accommodate the "problem children" but at the end of the day all the regulatory nuts and bolts are still effectively intact with that sort of monitoring system.
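The auth/access correlation described in the comment above, as an added example that is not part of the original post or its comments: it attributes passively captured URL events to users by matching source IP and timestamp against logon sessions. The log formats, field order and sample lines are constructed assumptions, and it relies on the static/reserved DHCP condition so that an IP address always means the same host.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample logs (assumed formats, not from the original post).
AUTH_LOG = """\
2024-01-08T08:01:12 LOGON alice 10.20.0.15
2024-01-08T08:03:40 LOGON bob 10.20.0.16
2024-01-08T12:30:05 LOGOFF alice 10.20.0.15
2024-01-08T13:02:44 LOGON carol 10.20.0.15
"""
IDS_URL_LOG = """\
2024-01-08T09:15:00 10.20.0.15 http://example.org/a
2024-01-08T12:45:00 10.20.0.15 http://example.org/b
2024-01-08T13:10:00 10.20.0.15 http://example.org/c
2024-01-08T09:20:00 10.20.0.99 http://example.org/d
"""

def build_sessions(auth_text):
    """Return {ip: [(start, end_or_None, user), ...]} from a time-ordered auth log."""
    sessions = {}
    for line in auth_text.splitlines():
        ts, event, user, ip = line.split()
        when = datetime.fromisoformat(ts)
        spans = sessions.setdefault(ip, [])
        if spans and spans[-1][1] is None:
            # Any new auth event on this IP ends the open session:
            # an explicit LOGOFF, or a LOGON that replaces the previous user.
            spans[-1] = (spans[-1][0], when, spans[-1][2])
        if event == "LOGON":
            spans.append((when, None, user))
    return sessions

def attribute(sessions, ts, ip):
    """Return the user logged on at `ip` at time `ts`, or None if unattributable."""
    spans = sessions.get(ip, [])
    i = bisect_right([start for start, _, _ in spans], ts) - 1
    if i < 0:
        return None  # traffic seen before any logon on this host
    _, end, user = spans[i]
    return None if end is not None and ts >= end else user

def correlate(auth_text, ids_text):
    """Return (user_or_None, ip, url) for every passively logged URL event."""
    sessions = build_sessions(auth_text)
    rows = []
    for line in ids_text.splitlines():
        ts, ip, url = line.split()
        rows.append((attribute(sessions, datetime.fromisoformat(ts), ip), ip, url))
    return rows
```

Rows that come back with `None` as the user are the accountability gaps: traffic from a host with nobody logged on, or from an address that never appears in the auth log.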
RE: Memo from Work