Still, when TPM-enabled encryption is not an option, pure software full disk encryption can still give you considerable peace of mind, as well as provide the "safe harbor" benefits afforded encrypted systems in data-privacy regulations. Software full disk encryption solutions have also been around long enough that they're available for most mobile computing platforms, including Linux and Mac OS X.

TPM technology changes to come

Although TPM full disk encryption with hardware-based encryption in the hard drive is the best you can do for data protection today, security researchers are constantly testing TPM's mettle and devising improvements to it.

One potential vulnerability of today's separate TPM chip implementation is that keys must be transported across conductors in the motherboard to the CPU for software-based full disk encryption, or to the hard drive for hardware-based full disk encryption. That could provide an entry point for a hacker. That's why a major vendor trend is to move all TPM-oriented data manipulation on to the CPU chip set in the form of customized silicon. Intel has advertised its vPro solution, which is part of the upcoming and Eaglelake chip set. This feature will perform all encryption and decryption for SATA and eSATA drives without involving the CPU, OS device drivers, or even the hard drive itself.

Such an approach could make TPM even more secure. But there's no reason to wait until such chips are standard in laptops. With today's TPM-equipped laptops, and with the software-based fallback option for non-TPM laptops, you have a platform for a consistent, manageable, secure deployment strategy. Consider yourself lucky if you've successfully dodged the stolen laptop bullet thus far. But don't tempt fate -- or hackers. Implement some form of laptop encryption today.