Here is an interview I did last week on the current lack of alignment between IT Security (the People's Republic of IT Security) and business priorities. I would say that IT Security has achieved the $2,000 screwdriver:
< snip >

Question: Is the realignment important?

Peterson: I think it is a big deal. I really think IT security is out of control; in many cases, they are spending $10 to protect something worth $5, and in other cases they are spending a nickel to protect something worth $1,000. If you look at the numbers objectively, you see why it is out of control, and you can use the investing habits of the business to improve the situation.
This interview was prompted by an earlier post on network security budget cruft. Investment is a big deal. There is innovation in app and data security, but there could be more if IT security invested their money with the same priorities as their business instead of searching for the nth feature on their network firewall.
If a company is putting in SAP or Siebel or whatever, you can bet the folks who run apps and databases are spending their dollars on developing and supporting those languages and databases, because that's where their enterprise is going. Meanwhile, in the People's Republic of IT Security, you can bet there is an effort underway to find some new cops-and-robbers tool that watches where employees surf, or yet another network firewall feature.
Update: Hoff annotates and provides additional insight.