There are a number of issues facing IT organizations today, but there are a few categories that make up the biggest concerns. These include remaining competitive, security and legislation.
Being competitive ties in to the fast paced nature of changes to technology. An organization that had the best website or most impressive tools for customers cannot stay on top if they only perform maintenance on these applications - they must always be looking to the future and finding new technology solutions to be at the forefront of their field. This is costly and time consuming, and in some cases the organization may not see the value in constantly putting resources to developing these solutions; that is until they fall behind their competitors and begin losing business because the competition has better solutions for clients.
Security has always been high on the list of concerns, but has become more and more important as technology becomes more ubiquitous. One of the biggest issues facing IT organizations in terms of security is the growing sophistication of attackers, in conjunction with the increasingly complicated nature of technology. Given the power of easily obtainable hardware, attackers can launch more sophisticated attacks in a larger scale to continually try to find coding errors or other ways to get into a system. Attackers are far more flexible than the IT departments they are up against, and can even hide or obscure their actions so as to go undetected. When developing software or installing hardware IT departments are addressing the problem from the perspective of making things work - it is easy to miss or overlook a vulnerability when that is not the perspective had by the group. Today IT departments need to accept there are going to be vulnerabilities, and take a multi-step approach to limiting and mitigating these as best as possible. They should try to predict what attacks are most common or are most likely to occur, take steps and put systems in place to prevent vulnerabilities or attacks as best as possible, if something does occur there need to be systems in place to detect what has happened, and finally they need to be prepared to respond to anything in terms of locking down systems, limiting access, protecting data and fixing vulnerabilities once they have been discovered.
Finally, legislation is starting to look at IT with a new perspective, and this will be a growing concern in the future. Some of the areas that I believe will become substantial in terms of legislation include privacy, law enforcement, consumer data, and protection of minors. These areas have already been somewhat prominent, but will only become more of a concern as we move forward. There is a discrepancy between maintaining privacy and law enforcement, as has been seen in conjunction with RIM and the encryption on Blackberry in countries such as India. Issues of privacy and consumer data have been brought up in prominent cases such as Facebook changing privacy settings and controls, and Google with the launch of Buzz. And there have been concerns about how to maintain privacy and first amendment rights while attempting to protect minors with legislation being passed and subsequently failing such as the Child Online Protection Act. There are also aspects of legislation that impact IT such as Sarbanes Oxley which change reporting requirements, leading to IT having to make substantial changes in order to comply. Legislation is still dozens of years behind the technology it is trying to impact, which adds additional challenges. In this case, organizations simply have to do everything they can to ensure compliance; the potential costs of fines or the associated impact to public perception of an organization that fails legal compliance could be substantial, not to mention any issues associated with even more specific government oversight (the FTC is auditing Google and Facebook every other year for 20 years following their snafus) makes compliance with legal requirements of utmost importance for most organizations.