Here's an interesting older article from Bruce Schneier on securing data at rest, which goes over some of the points I mentioned earlier in my Who needs encryption? post.