The direct costs are pretty straightforward. You need to buy software and you need to deploy it. Consider the cost of the software and be sure to include ongoing maintenance, since that won't be free in future years. Then there are direct deployment costs. Will an IT staff member be needed to install the software, or is there a software distribution engine that will take care of it?
Also factor in some training costs, because users need to understand what's been installed on their machines and how to use it. Relative to whole-disk encryption, also make sure users understand what to do if they lose their password. You don't want to get a call at 3:00 a.m. as your CEO is in a foreign land and has locked himself out of the machine.
Where it gets a bit squishy is in estimating the indirect costs like additional help desk resources because users forget their passwords and cannot access their machines. Or someone hits the wrong switch and blows away all his or her data. These things and more are going to happen, so make some estimates and then monitor the data closely as the products are rolled out.
Keep the cost model close at hand because it will be changing as you go through the pilot and early implementations.
For more information:
Dig Deeper on Disk Encryption and File Encryption
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.