What future is there for the IT Security department?

There is an argument that IT security departments are so hard at work dealing with yesterday’s threats that they’re deeply incapable of reacting effectively to the developing threats and vulnerabilities that are inevitable as businesses push the frontiers of digital working and communication.
Certainly, IT departments and boards of directors don’t really understand one another and IT (and especially IT security) is all too often seen as a barrier rather than as a business enabler. The huge efforts and investment going into compliance computing (around both privacy and financial/operational reporting) can only increase the extent to which IT is seen as a barrier to the deployment of a cost-effective, flexible, business-centric IT infrastructure.
We need to develop a different approach – one which deals with risks and vulnerabilities – but which enables the organisation to compete flexibly and fast – we might call it real-world security.