Re: You are not really familiar with computer security, are you?
Sure you do that - you block all known attack vectors to access the data.
Until someone comes up with a new idea or - as is likely in this case - someone turns an authorized user's computer into a trojan horse that effectively steals the documents.
For encryption at rest:
Many people think that's a silver bullet, however, if continous accessability of the information is part of the requirement (which is true in most cases) you need to distribute the password/private key in some form to the point of access, otherwise even the authorized end user cannot read and work with the data. That's why I tend to view most implementations of encryption at rest somewhat as snake oil. The just make it somewhat harder to extract cleartext data.
Same problem with air-gapping systems.
In this case you need to bring every user of the data behind the air gap. Which excludes such a solution from most real-world scenarios.
Especially in complex distributed development, where optimized sharing of documentation/information is regarded as key to mission success..
Biting the hand that feeds IT
