The pin stripe wizards just decreed that all laptop and desktop disk drives running Windows must have full disk encryption. My colleague bent over and complied immediately. This weekend, his Windows OS is giving him a bluescreen. Too bad. The standard Windows boot/repair disk can't handle an encrypted image. He can't see his files anymore with Knoppix either. Brilliant. My laptop still isn't encrypted. It may never be based on the observed consequences. I'm watching with interest to see if the "help desk" has some kind of magic recovery tools for encrypted images. The encryption breaks disk defragmentation immediately upon installation. A hard disk used for compiling large projects gets fragmented rapidly. The "management" has traded "security" for functionality. I expect the loss of lots of critical project data to disk crashes instead of stolen laptops.
Wow! Someone here proposed hard disk encryption, and I shot them down immediately. My solution was for NO sensitive data to be stored on workstations. All sensitive data, and we have ALLOT of it is to be stored and used from servers. The data on 'the wire' between the workstations servers is encrypted using IPSEC. Of course this solution may not work for everyone, but it worked in our case.