Tackling the Rising Cost of Security

For many organizations, security spending - as a percentage of IT budgets - has gotten out of hand, says Chris Richter of Level 3 Communications. "Security costs are creeping up, and in some cases they're rocketing up," he says.

"If you go back five or 10 years ago, what was considered to be a normal percentage of an overall IT budget for security was around 3 percent to 6 percent," Richter says. "But now, on average, IDC reports that security budgets are in excess of 21 percent of an IT budget, and in some cases they're 50 percent to 60 percent."

This situation isn't sustainable, Richter says, because security is increasingly cutting into IT budgets to the point where it diverts resources from revenue-generating projects.

Of course, organizations will look to new technologies to help blunt hackers' increasing sophistication. But there are multiple non-technology steps organizations must take. "It all starts with governance," he says, including generating risk profiles, identifying where the most valuable data gets stored, as well as focusing on education.

In this interview with Information Security Media Group (see audio player below photo) conducted at the Infosecurity Europe conference, Richter also discusses:

The importance of governance, including ongoing education; The cost upsides of cloud-based security products; The information sharing imperative; The role of enterprise security gateways.

Richter is senior vice president, managed security services at Level 3 Communications, where he's responsible for the company's global managed and professional security services business. With 30 years of experience in IT, Richter has held a number of leadership positions in managed security, IT consulting and sales with several technology product and services organizations. His most recent previous position was vice president, managed security services, at CenturyLink.