Steve, Nice word and the point of view is excellent. If we cannot protect "data at rest" we should at least protect the "data in motion". As you say it would be great to do both, and we should depending on the classification of the data being used. But there is even a fallacy in that. Our systems often do not know the difference between the data classification of each transaction, so it is far better to protect it all, just in case a programmer/analyst/developer/architect makes a mistake.

I cannot say that encryption covers a multitude of IT sins or errors, but every tool and strategy we can deploy to thwart the "enemy" we should.

Nice one!

Miles...