Afford, yes. Implement? PROPERLY?
I kid you not, 90% of general purpose software developers are not sharp enough to "touch" security related code or systems without leaving GAPING holes because they totally don't understand or misunderstand simple things.
They can write an if/else or a while loop, but other more advanced things ... just beyond them. And even the moderately smart senior personnel will accidentally leave something in a "prototype" state and accidentally ship it because of deadlines.
This is the security/encryption equivalent of a Barracuda anti-spam appliance. Yes, any smart sharp sysadmin with sufficient time allocated to the task can implement brilliant near-perfect spam filtering using open source products. LOTS of sysadmins a) aren't that smart: it won't be configured nearly as well as a company needs, and it'll fail frequently or do strange things because they disagree on how it should work, and b) they won't have sufficient man weeks allocated to it, and remember, the less sharp the person is, the more time they'll need and the more problems there will be.
WAY BETTER for an SMB* to simply drop cash on an "appliance". It's almost impossible for a Barracuda to do worse than your average overworked sysadmin.
I'm not a shill for the latter, it's simply the device the SMB I work for uses. And our sysadmin's aren't dumb. They're just not brilliant and they are, of course, overworked.
(*) Small and Medium Busuiness