Last week we pointed out a report from the Corporate Executive Board that predicts the state of corporate IT in the year 2015. The report (.pdf) looks at today's IT function in light of developments in business, society and technology, and it asks whether a stand-alone, dedicated IT role still makes sense. 

The board concludes that the majority of IT resources and responsibilities will end up outside the IT department in five years. But I have to wonder whether these reports of the IT shop's demise are--at least partially--exaggerated.

Among the report's boldest predictions: Fewer than one-fourth of today's IT employees will remain in a dedicated IT unit. This will be possible because: 1) The IT function will devolve to a business shared services group with other corporate functions; 2) applications development, infrastructure operations, and back-office processes will be handled by outside parties; and 3) business leaders will have a greater responsibility for IT, as they, along with end users, assume a larger role in procuring and managing their technology.

To come to its conclusions about the changing value and role of IT, the report examines 10 external trends. However, conspicuously absent from the list are two trends that could very well play a countervailing role in the predicted changes: First, there is the ballooning security threat to corporate networks from increasingly sophisticated internal and external attacks; and second, companies are subjected to an increasingly complex data compliance burden resulting from an expanding body of federal and state laws.

These two external trends, which are inextricably tied to IT and affect the corporation as a whole, are costly and threaten to become much more so if not managed well. Recent research shows that the cost of a data breach, which is a lapse in both security and compliance, is rising not only because of monetary penalties but also because of lost business.

The report predicts that IT services delivery will be "predominantly externalized" by 2015, but the security risks of cloud-based services might make decision-makers rethink this shift. A greater portion of network security itself can be delivered by outside parties, but that comes with its own risks too. Last month's automatic anti-virus update fiasco by McAfee offers one illustration.

The report also predicts that business leaders and end users will assume a greater role in procuring and managing their technology by buying IT directly from cloud service providers, but developments in the area of compliance may hinder this shift as well. There are indications already that cloud services allow users to evade controls. What's more, using cloud services can raise a whole new set of compliance tasks. Can business units whose core mission and expertise have nothing to do with information management ensure that the data is protected and that the company is in compliance with all regulatory imperatives? 

Five years from now, the notion of IT enabling the business may be as much about cost-avoidance (by minimizing monetary penalties and lost business) as it is about innovation, customer service and marketing. As security and compliance demands grow in number and complexity, it may become more vital to have dedicated, centralized expertise and resources in place to develop, implement, monitor and manage information policies.

Perhaps the IT role and responsibilities will devolve to external providers, business leaders and end users, as the report predicts, only to be brought back under the watchful eye of a dedicated, expert team once hard lessons are learned. Let me know what you think. - Caron