Re: just to answer myself ,,,
Encryption at rest is hard. For most people it's ticking the "encrypt" box in EBS/NTFS/LVM but that doesn't really help in any situation except physical theft.
I'll best most of the supposedly IT literate Reg readership don't have all copies of their customer database encrypted.