How much data security is right for your datacenter?

Data security is an ongoing concern for IT and one that is currently getting a lot of attention as cloud service providers offer applications that move data firmly out of the control of internal IT departments, at some point in the information lifecycle. The issue isn't just cloud related but it is beginning to become one of knowing where your data is and assuring that it is properly secured.

If I had to identify one technology for securing data that seems to be getting the most attention from vendors right now, it would be some form of encryption on the fly. The idea seems to draw its attraction from the apparent transparency of the technique, with data being processed in the same workflow that has already been established, but with an added layer, that is ideally unnoticeable to the consumers of the data, that adds the security of data encryption.

This data protection is appearing in various forms, from software components of cloud applications that do the data encryption/decryption to customer data as it moves to and from the cloud service, to low-lever hardware implementations in Intel's Xeon 5600 processors that use Intel AES-NI (Intel Advanced Encryption Standard - New Instructions) to do specialized encryption processing using features of the CPU.

Plus, of course, there are a range of dedicated appliances that sit on your network and encrypt the traffic that IT has decided merits this layer of security. These appliances sit in between the network and its connections that go to the outside world (or even othr network segments) and control the security of the data that passes through them

The question now becomes "What security model will work best for my datacenter?" If every service vendor is providing their own encryption, if applications what to handle their own encryption, and corporate pressure insists that internal capabilities be providing encryption, how do you make it all work together?  That's the question I'm currently looking to answer.