Making a Decision
Once you’ve decided what encryption approach to take in your organization, you need to start narrowing down the field of products. There’s simply not enough time and space for me to go into this here, but I’d like to provide two sources of information.
The first is from the previously mentioned article. It has provided a one-page "report card" that describes many disk encryption vendors with a brief description of their product capabilities.
Next is the Cryptography and Encryption Mailing List. This site provides multiple sources. The first is a page of Disk Encryption Suites, similar to the previously mentioned report card. The next is the FDE Impact Analysis. This is an excellent resource if you’re concerned about how encryption will affect performance in your environment.
There are enough resources here to assist you in making a good risk-based decision, but each situation and each environment is unique. Try to get critical team members involved in the process. This should include anyone from the system/information owner all the way up the chain to the C-level executive whose name would be "hung out in the breeze" in the case of a data breach. Take the time to evaluate the options carefully, talk to several vendors, and perhaps even set up a pilot program to see how everything behaves in the real world.
But do take action before your company becomes the next one in the headlines.