Firstly there is the business centric view which says "oh crap, lets start looking at where we can rationalise" and pushing pieces like cloud, server rationalisation, apps rationalisation and the like as a way to drive cost out of the business. These folks also tend to look at the business model they are supporting to understand where the costs are most out of kilter. The mentality here is basically the same as the business and its about changing the imperative to face the current climate.
A big part of this mindset is also the drive to use new technologies that support the business model better, especially that "scale down" problem that most traditional approaches have. The business IT view is that cloud and SaaS represent a good solution you just need to be clear where they work and then overcome the hurdles.
The other mindset however is the technology centric one and the mindset that basically says "fine the way it is, don't want technology that is outside of my control". I've described Terry Pratchett architects before and I'm hearing lots from the later camp at the moment. It almost sounds like the old phrase about the business
I don't understand the hardware, I don't understand the software, but I can see the flashing lightsThe problem is that with cloud and SaaS they don't get to see the flashing lights and they don't get to even design what the hardware will be.
This will be the biggest impact out of the year around IT, business focused IT folks who understand the model and can actively suggest new approaches to rationalise cost will do well. Those that put barriers in the way will do very badly, especially if those barriers are placed their to maintain a comfortable status quo.
The key for IT is to understand the business model, understand the business services and then understand where IT adds real value and where it should simply be a utility, then plan against that utility. That means cloud and SaaS will figure largely in how you build, deploy and manage those business services because differentiation is not important.
The final point is that when an IT person comes up with barriers around security or compliance then you have to be rock solid, 95% of the time someone has tried that in the areas I've dealt with it has turned out they were wrong. Being cautious is one thing, but in this market the erring on the side of caution is also a business issue, not just a technology one.