Full disk encryption: A hot opportunity for VARs

Full disk encryption is a hot market right now, despite the down economy. Recent security breaches can be attributed to unencrypted laptops, a problem that is easily fixed. Full disk encryption will help your customers avoid the headaches that come along with such security breaches, as well as save them money in the long run.

Solution provider takeaway: Solution providers will learn why full disk encryption is such a hot market right now, and how to make the most of this opportunity.

Full disk encryption has been a hot market for the past two years. In a macroeconomic environment where things are slowing down, full disk encryption is heating up even more, and that means it should become one of your top priorities to bring forward to your customers.

The reasons are clear. Let's go through the typical scenario:


  1. Your customers have laptops.
  2. Your customers do stupid things with those laptops.
    a) They leave them in Starbucks.
    b) They get stolen out of cars and hotels.
  3. Lost (or stolen) laptop = lost data = disclosure to customers = bad day for customer = good day for reseller who has a product to solve the problem.

You don't have to look too hard to find examples of laptop theft creating a lot of angst for organizations. The folks who run the fast pass airport security program Clear recently "misplaced" a laptop containing information on 33,000 customers. The nature of this personal information would make it easy for an attacker to perpetrate significant identity fraud. The laptop wasn't encrypted either, so anyone who accessed the machine would have free run of that data.

Let's look at another example. Charter Communications had a dozen laptops containing information on more than 9,000 current and former employees stolen from one of its offices. The main company had to disclose to its employees (who then promptly told the press) that their privacy was potentially compromised.

I could go on, but it's not a lot of fun to read example after example of organizations suffering dire consequences for losing laptops.

In the security industry, there are few quick and easy answers to solve problems. But it is easy to ensure that private data isn't at risk when a laptop is stolen -- just encrypt the disk. Most of these stolen laptops are pilfered to sell on the gray market -- the attackers don't really want the data. Once the hard disk is encrypted, criminals are not able to analyze the disk and find personal information. It also means your customer does not have to disclose the lost laptop to customers, employees, law enforcement, etc.

There is a clear ROI for this expenditure. Just ask your customers what they pay outside legal counsel per hour. In a typical disclosure situation they are looking at hundreds, if not thousands, of billable hours with an attorney. In comparison, the cost to deploy full disk encryption is a drop in the bucket.

Now that you are on board with the short-term opportunity that full disk encryption presents, how do you know what to sell to your customers? As with most other security markets, you've got plenty of options to add to your line card.

  • The new trend in full disk encryption is the integrated bundle from the vendor that already provides the endpoint security suite. Full disk encryption represents an upsell to the existing implementation and provides a larger deal size. Companies like McAfee (acquired SafeBoot), Check Point (acquired PointSec), Symantec (OEM GuardianEdge) and Sophos (intends to acquire Utimaco) can bundle in these solutions, providing a central management capability over time (they aren't there yet) and one less vendor to deal with.
  • Standalone solutions are still out there, but not for long. I've done a lot of research into the space and it's pretty clear that full disk encryption will eventually become a feature of existing products. Yet, for the time being, especially if the customer uses an endpoint security suite that doesn't have an encryption option, a standalone solution is fine.
  • Small shops can dispense with the commercial-grade offerings and just use the built-in capabilities in Windows Vista (BitLocker) or Apple's FileVault. In reality, these aren't optimal because there is little to no central management, but over time each of the OS vendors will improve that. These options are also cheap, since they are built into the operating systems already.

I don't know much, but I know tomorrow will bring a sunrise and another data breach due to a lost laptop. That creates an opportunity for resellers to help customers solve this short-term pain. Over time, this will be an endpoint feature, but for the next 12 to 18 months there is a lot of opportunity to upsell and monetize this screaming need.

About the author
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about the Pragmatic CSO at, read his blog at, or reach him via e-mail at mike.rothman (at) securityincite (dot) com.

