"Pick the most sensitive fields and encrypt those. Don't encrypt everything, because you're going to kill the performance on the database or have other issues with searching and access," Ouellet says.

Also, keep track of sensitive data elements as they move throughout the process. "They go from one database to maybe a smaller database," Ouellet says. "Is there a way you can leverage centralized storage, like a NAS or SAN, where both databases store their information in the SAN? There's replicated data, but at least it can be protected using an encryption appliance."

Few shortcuts for persistent encryption

Although encryption strategies exist for laptops, databases and backup tapes, transferring encrypted data from one storage level to the next remains a sticking point. In most cases, data must be decrypted and re-encrypted as it travels from one resting place to another.

"There are some solutions that bridge a couple of the different areas, such as laptop encryption and e-mail," Ouellet explains. "But as far as persistent encryption across the network -- not right now. "