2008 DOI: Day 6 - Laptop encryption hits the big leagues

Submitted by Mike Rothman on Wed, 2008-02-20 15:32.
2007 Incite: Patching the Leaks
More high profile privacy train wrecks force many customers to just buy something to address the information leakage problem. Laptop encryption turns out to be far from a panacea, while multi-protocol leak prevention gateways remain in high demand. Users demand integration at both ends (client and perimeter), foreshadowing more consolidation. Users finally figure out data protection is more of a process issue, forcing Pragmatic CSOs to ask tough questions of senior IT managers on how data is handled and who has access to it.

2008 Incite: Laptop encryption hits the big leagues
Since remote employees insist on losing laptops and the Government insists on notifying customers when private information is lost, security teams respond by rolling out full disk encryption far and wide. Within two years, this market disappears, first because every endpoint security suite will include an FDE option (2008) and later because the operating system makers (Microsoft and Apple) do a good enough job (2009) to kill stand-alone offerings.


As I look at the 2007 Incite on leak prevention, it was focused on the broader DLP space. This year, I’ve decided to break the Incites up. The DLP piece will hit in a couple of days, but in the meantime I want to focus on laptop encryption.

When I did the dry run of the Incites to a group of my trusted colleagues, the universal feedback on this was DUH! Everyone already thought laptop encryption was in the “big leagues” and kind of a foregone conclusion. Unfortunately, there is a large part of the world that isn’t there yet.

Just think about the market numbers. Check Point’s PointSec group did something like $80 million in 2007. McAfee’s SafeBoot did a bit less. There are a bunch of other players with significantly less revenue. The firewall business is billions, laptop encryption is not. Yet. Laptop encryption is not a universal thing by any stretch of the imagination. My message here is that it needs to be.

If you have laptops, you need laptop encryption. It’s as simple as that. I don’t care whether you get the big enterprise package or just mandate the use of the built-in O/S tools. You need to do something. Why? Because laptops go away. They are stolen. They are lost. And they have private data on them.

One other thing before I jump into the market dynamics. If you have service providers (outsourcers, contractors, et al.) that store your data, then THEY need to do laptop encryption as well. How many organizations are pulling splinters out of their butts because their auditor or their on-site contractor lost a laptop? That should be a requirement for continued business and written in as a standard term of professional services contracts. OK, off soapbox now.

What about the market for laptop encryption? Basically, it’s going away. The first wave of this has already happened. Check Point and McAfee took out the two biggest players in the laptop encryption market. There are others and they will be spoken for in 2008. Symantec needs something. So does Trend and every other company that wants to play in the endpoint space. Check Point and McAfee will use the encryption as a wedge and differentiator in a market with precious few differentiators. That means the others are sure to act.

But over time, that capability within the endpoint suite goes away as well, or its value is marginalized at a minimum. The capability will be subsumed into the operating system. Windows Vista already has BitLocker, but it’s not there yet from a centralized management standpoint. Once it plugs into Forefront or maybe just SMS (or whatever they call the management thing nowadays), then it truly becomes a feature. Apple has had FileVault for years as well. That works great, but doesn’t really have central management capabilities.

This is another market where the standalone vendors better find a partner pretty quickly. The window won’t be open for long. They better enjoy the fresh air while it’s there.

Photo of the Enigma machine: chris_malcolm

Submitted by Anonymous (not verified) on Fri, 2008-02-22 01:13.

You posted, "Windows Vista already has BitLocker, but it’s not there yet from a centralized management standpoint."

I feel it's important to make the point that BitLocker can be managed centrally. Utimaco Safeware (www.utimaco.us) offers centralized BitLocker management for deployment, key recovery, central policy creation and reporting. For an early offering it looks like it solves the problem you mentioned above.

I like your posting, you made some good points.
