@h4sh, thank you. I wasn't taking your post as being about us. I, too, get very irritated when services call "encryption at rest" is a defense against an exceedingly narrow threat. (Someone walks away with the hard drives.)
I get even more irritated when auditors and the like conflate that with what we do.