There are different types of encryption. The one you might know best is transmission encryption. A message is encrypted only while it is in transit over the wire between a source and destination. It is unprotected at either end. Then there is folder or file encryption. While a document is on the disk or in the folder it is secure. If the document leaves the folder, e.g. on a USB stick or by email, it is not secure. Disk encryption (Windows Vista/7 BitLocker, SafeBoot, etc.) or device encryption (e.g. Windows 7 BitLocker To Go) protects everything on a disk. You can put that disk in another machine and have no access to the data without authentication. But this doesn’t protect your data if it leaves that disk.
I just read a blog post where a company lost control of business data and it was put in a pretty compromised position. A document with valuable information left secure control and was available to "the wild". What can you do to protect documents in case they leave the safety of your encrypted network, folders or disks? What if your documents are out "in the wild"? Can you stop anyone from reading them?
Someone might suggest using passwords on those documents. You’ve probably seen something similar to "protect" Excel spreadsheets, etc. That won’t help. Such a password is easily cracked using third-party tools that you can buy on the net.
What will help is Rights Management Services (RMS). It first turned up as a free download for Windows Server 2003 (but requiring RMS CAL licensing) and then as Active Directory Rights Management Services in Windows Server 2008. Using X.509 certificates, you can protect your documents no matter where they are. If someone copies documents and brings them home, they have no access to them. If someone takes them to a competitor when they leave the company, they have no access to them. If someone sends them to a press reporter, they have no access to them. According to MS, "Users can define who can open, modify, print, forward, or take other actions with the information".
The cool thing about this solution is that it is AD-integrated and ties directly into Office, which makes it very user-friendly. You can define policies for controlling documents, set up Internet connectivity for non-connected users, set up MOSS 2007 integration and set up AD Federation Services for partner companies.
There’s a step-by-step guide here. Check the sub-pages in the navigation pane on the left for the content.