"Encryption only provides confidentiality between the point of encryption and the point of decryption."
I know it’s a "duh" but it appears that many organizations aren’t actually considering this truism when putting together their encryption strategies.
Note that I said "confidentiality" – if you had been watching me type, you would have seen me use the word "protection" initially. I switched it to "confidentiality" because I sometimes wonder if encrypting the wrong things in the wrong places would still satisfy regulatory requirements and thereby provide a level of "protection" that has nothing to do with confidentiality.