Even as viruses grow more dangerous and zombie botnets flood us with spam, security experts are turning inward. The real threat is from within. One disgruntled sales manager jumping ship to a competitor and taking customer lists along can do more damage than the latest worm, while being much harder to detect.

According to the U.S. Commerce Department, intellectual property theft costs U.S. business about $250 billion each year, while also slashing nearly 750,000 jobs from the U.S. economy.

Not all of the damage is intentional. Data leaks got a lot of press last year, with the TJX scandal leading the way. The typical data leak incident combines a careless employee or lax security policies with opportunistic crooks. Yes, TJX was technically the victim of an external attack. However, TJX gathered customer credit card information that it shouldn’t have and stored it in an unencrypted database. It’s pretty much like leaving the keys in the ignition of your car and being surprised when someone steals it.

Security vendors are tackling this problem with new solutions that range from enterprise rights management to data discovery and policy generation to data-leak prevention. If your security profile doesn’t take IP theft and data leakage into account, you should look at vendors like Liquid Machines, Proofpoint, Reconnex or Vericept.

You may soon have access to these features through your existing vendors, as well. Symantec recently acquired Vontu, while RSA and Websense made acquisitions of their own earlier this year, snatching up Tablus and PortAuthority.

Until recently, virtualization has been focused on data-center optimization. With virtualized servers, hardware utilization goes up and flexibility increases. At the same time, costs associated with hardware and ongoing maintenance drop.

Virtualization is now expanding beyond servers. On the trend front, it is being linked to the green data-center movement. The server efficiencies that come with virtualization also translate into lower power consumption and a smaller footprint within the data center.

Meanwhile, now that the technology for server consolidation has matured, virtualization could expand beyond the data center. VMware, Sun, Citrix and Novell all have mature technologies. Meanwhile, behemoths like Microsoft and Oracle have entered the space, further validating the technology.

Within the next couple of years, virtualization could find its way to the desktop. In the near-term, though, virtualization will be mainly a data-center play. Virtualization is the driving force behind data-center automation initiatives. It has the potential to bring on-demand workload automation and high-availability infrastructures together for cheaper, more flexible, more reliable infrastructures.

In the longer term, desktop virtualization could give users greater flexibility and IT better control. Many analysts have dismissed virtual desktops as yet another thin-client mirage, but what is more likely to happen is that virtualization will line up with other trends like service-orientated architecture (SOA) and mobility to deliver on-demand applications to whatever device users happen to favor, be they PCs, thin clients or smart phones.

Speaking of services, the software as a service (SaaS) market continues to grow. SaaS has slowly been expanding beyond the mid-market, and since it dovetails well with other trends like virtualization and utility computing, 2008 could be a breakout year.

The big success story in the SaaS world is Salesforce.com, which has created an entire ecosystem of related third-party applications. In fact, the company has started to refer to its offering as a PaaS (platform as a service). For the enterprise, this delivers the promise of one-stop shopping for related applications and better data sharing among applications.

Another important SaaS happening this past year was Google’s acquisition of Postini. Google continues to make inroads into what were previously desktop applications, and service-based offerings are leading the charge.

If your concerns about mobility are still centered on rogue access points and weak wireless encryption, you’re not keeping up. With the release of the iPhone, the long-hyped computer-like smart phone phenomena finally arrived. Each iPhone within the enterprise represents an uncontrolled node that could introduce viruses, leach out intellectual property secrets and generally undermine your security policies.

At the same time, mobility isn’t just about wireless. USB storage devices are cheap and robust. At a trade show this past spring, I was given a 2 GB drive as a party favor. When 2 GB USB devices are given away like key chains or beer cozies, you’d better wake up and pay attention to them. Fortunately, there is security software out there from the likes of SanDisk, DeviceLock, and SkyRecon Systems that allows you to create and enforce policies for peripherals. The big security vendors, such as Symantec, are also starting to pay attention to this problem, so you should have plenty of options for protection in 2008.

1. Adopt ITIL and other frameworks like COBIT and ISO 17799 to bring discipline and efficiency to IT operations.
2. Use IT systems performance management audits and software to increase application throughput and manage costs.
3. Utilize server consolidation to cut hardware, software, staff, and other costs.
4. Implement data center automation to reduce operating costs.
5. Install server virtualization to lower hardware costs and reduce administrative burden.
6. Embark on application rationalization to help IT shed duplicate applications and infrastructure.
7. Get improved data on application resource usage so you can make better use of maintenance staff.
8. Use application portfolio management (APM) tools to develop metrics to drive maintenance effort and cost reductions.
9. Use software change and configuration management tools and processes to reduce outages.
10. Undertake IT asset management initiatives to optimize usage of software and hardware.
11. Install the current generation of service-desk tools keep IT support costs down.
12. Employ enterprise architecture groups to drive standardization of the software portfolio.
13. Use your vendor and contract management teams to squeeze more value from vendors.
14. Utilize contract life-cycle management tools to help optimize the savings from supplier contracts.
15. Use formalized and aggressive IT sourcing practices to cut ongoing depreciation and maintenance fees.
16. Employ eSourcing and services procurement tools help secure more competitive vendor bids.
17. Keep selective outsourcing options on the table that may lower costs and improve IT.
18. Implement IT operations scorecards to track and drives improvements and reduces cost.
19. Give IT leaders dual roles as business relationship managers and IT activity managers.
20. IT MOOSE- spending to maintain and operate the organization, systems, and equipment