Edge encryption. This includes encrypting data at the point of entry on laptops, handhelds and desktop PCs. Basic encryption that requires a username and password offers little protection, but it's better than nothing, say industry watchers. A global key-management system for Windows offers better protection. Some laptop manufacturers are incorporating encryption capabilities in new models.

Enterprise digital rights management. This is the next big thing in key-management technology. Still in its early stages, DRM offers the potential for persistent encryption and security as data travels from laptop to e-mail, database and storage tape by assigning access rights to the file. DRM becomes more important as companies distribute protected documents beyond the enterprise to partners and vendors.

Quorum-based recovery. This is one of three key-management approaches that companies should consider. Quorum-based recovery requires a group of three to five administrators to grant permission before encryption keys can be recovered. Encryption specialists also advise that tape libraries shouldn't have to maintain the mapping of keys to tape volumes. This method adds another point of management and complicates long-term key escrow. It's also important to automatically replicate keys to an escrow service or tape library at a disaster recovery site for fast data recovery in case the originals are lost.

Data compression. Appliances trump software-based encryption at the database level when it comes to compression. Software-encrypted data can't be compressed. Encryption hardware devices have a compression chip in them, so they compress before they encrypt, which is a tape-drive space savings of 1.5 to 1.

Collett is a Computerworld contributing writer. Contact her at stcollett@aol.com.