"For the first time, business users have a choice between what services IT is offering and what users can requisition on their own," he says. "But until the CIO can get a firm grasp on what it costs to deliver IT, he or she won't be able to extend meaningful choice back to business users. This will only serve to supply more oxygen to the fire of shadow IT."
IT concession No. 6: You will never have enough hands on deck
IT departments often want a fairer shake when it comes to outsourcing and head count reductions, but they're not likely to get it, says Meikle.
Because the tech outsourcing industry is much more mature than, say, legal services or HR outsourcing, IT is often the first to suffer when corporate bloodletting occurs. That's not likely to change.
The solution to IT manpower problems, says Meikle, is to take advantage of third-party outsourcers and integrate with them as much as possible. The bodies are still available; they're just not under your own roof anymore.
Also, says Meikle, be sure to look out for No. 1. Keep your tech chops current with an eye on the next job before the current one evaporates.
"IT pros need to understand they work for themselves first, the organization second," he says. "They need to continue developing their network and contacts, marketing themselves, and developing a personal brand even when they are employed. Like it or not, IT pros may have to pony up some dough personally to pay for their education and marketability, but that will pay dividends when the chips are down."
IT concession No. 7: Your network has already been compromised
Everybody wants their networks to be easy to manage and hard to breach. What they usually settle for, though, are racks and racks of security appliances that are hard to manage and easily compromised, says Joe Forjette, a senior project manager at enterprise security appliance vendor Crossbeam.
"The worst part is that each appliance needs to be constantly patched and updated," he says. "The result is a sprawling, highly complex, and costly security infrastructure."
It's also not working all that well. According to the Computer Security Institute's most recent survey, 4 out of 10 organizations experienced an incident such as a malware infection, botnet, or targeted attack in 2010; another 10 percent didn't know if their networks had been breached.
A smarter approach is to start with the assumption your network has already been compromised and design security around that, says Wade Williamson, senior threat analyst at network security company Palo Alto Networks.
"Modern malware has become so pervasive and so adept at hiding within our networks that it is increasingly common for enterprises to assume they have already been breached," he says. Instead of slapping yet another layer of patches onto the corporate firewalls, security pros can spend more time looking for where the nasties may be lurking, such as inside a peer-to-peer app or an encrypted social network.
The notion of a "zero-trust architecture" is gaining traction among many organizations, says Williamson.
"This is not to say that these companies are simply throwing away their security," he says, "but they are also turning their attention inward to look for the tell-tale signs of users or systems that may already be infected or compromised."