I am putting together a security paper for my company. This question encompasses many different areas as one can imagine.
1) more and more features have the potential to create more security holes and fewer people managing the security actually understand all the complexity that is involved.
2) Dozens of services running on just as many ports can create a security nightmares
3) many applications by default are coming 'out of the box' secure by default. Even Windows is installing with security policies inplemented expecially on the Domain Controllers
4) Security issues with hard copies and backups