Ah, yes. Size

From the ISC SANS Diary:
Explaining Defense in Depth
Once an organization reaches a certain size, you end up with a situation where separate groups are responsible for firewalls, IDS, anti-virus, etc. Often these groups will not share a common chain of command.
Ayep. WWU is large enough we have entirely separate functions doing firewalls and network access controls, and server ACLs and patching. This creates some interesting meetings when functions clash, like, say, Network Access Control that requires a client/agent on each desktop. Happily, we all report to the same CIO, and the managers of each department talk to each other regularly.

This is part of the natural progression of IT departments. In The Beginning, One Guy Does It All: creating patch cables, keeping the firewall running, patching servers, fixing broken Outlook installs, and maybe also fixing broken fax machines. Add a couple of people and you start getting some specialization. Then an actual manager gets involved to act as the interface between the tech-nerds and the end users.

The first specialty to cleave off of the IT blob is likely to be either desktop/everything-else or network/everything-else, depending on the people in the IT blob. The second specialty to cleave off will be either network or desktop, whichever didn't cleave first. By this point, you may even have six people in IT: a manager, a network guy who probably also does phones, a server guy, two helpdesk-types, and a jack-of-all-trades of some kind who may do programming as well.

Poof, growth happens. Depending on the business, a dedicated programming section may form. The helpdesk will formalize into a call-out center. Another server-jock or two will be picked up. The phones-and-network section will pick up more people, but not as many as the helpdesk. This kind of thing will happen to any company.

When a dedicated security management center arrives depends on the industry and corporate culture. WWU doesn't have one yet, outside of University Police. Banks have had them for decades. The security manager may be outside of the IT stack completely, and have their own IT assets. Or the security manager will be a subordinate of the CIO.

Which means that when a company of a certain larger size decides to try to implement a security-related something that crosses major functional groups, it's a good test of inter-departmental communication! This kind of project can really help illuminate where the fundamental communications breakdowns are. Don't forget ownership issues! If the Desktop Support group 'owns' the desktop, and the security office wants to roll out a new asset-inventory agent on all desktop and server assets, it can cause pissing matches. Oh yes.

But, we're pretty good at talking with each other here. Anything that firmly crosses functional groups like a NAC does will still have project delays due to the need for cross-talk, but we do get working on it. There is a happy lack of personal grudges between the managers of each of our functional groups.