A disadvantage [most security groups] face is the fact that we do not lead architecture changes that improve both security and functionality.
It's easy to lose sight of the ball and focus on restricting of data and permissions instead of enabling technologies securely. Security orgs should be quicker on the uptake instead of challenging every move IT or the business makes.
An easy example would be revamping remote connections to the network. Your company use OWA as the primary connection? Citrix or Terminal Server? SSL VPN? Delve deeper into the setup and find out if it's meeting employees expectations. Then build a case for a better solution (VPN, Outlook over https, nfuse, whatever!).