With the economy being the way it is, business are most likely going to be going through more churn than ever: layoffs, mergers, buyouts, and so on. This brings up the question of how the IT department is going to handle all of that churn: "Which apps do the new employees from the XYZ aquisition get permission to use?" or "Did you revoke John Doe's access to everything when he left the company last month?"
I think this podcast does a nice job of outlining some of the concerns that IT managers are facing on a regular basis - even if part of it is a bit of a pitch for HP software and services ;). Here is a piece of the transcript:
The reality in the market is that many things impact that security posture, internally, every time a new system is installed, any product or service defined, or even when a new employee joins. Externally, we’re impacted by new regulations, new partnerships, new business ventures, whatever form they may take. All those things can impact our ability, or our security posture.
Security is much like business. That is, it’s impacted by many, many factors, and the problem today is trying to manage that situation. When we get down to tools and requirements around such things as identity management, we are dealing with people who have access to systems. The criticality there is that there have been so many public breaches that we have become aware of recently that security again is a high concern.