Application-level crypto work great when the target surface is small and known, but fails badly otherwise.
Take a email you have received on a unix mail server, and lets assume it was sent encrypted. Is the search term database encrypted, the one that was created while the mail was decrypted? Is the reply you sent encrypted while resting in the sent directory? Are there logs, metadata, offline caches and similar leakage of data?
One should start with full-disk encryption, then add application-level encryption for defense in depth.
Take a email you have received on a unix mail server, and lets assume it was sent encrypted. Is the search term database encrypted, the one that was created while the mail was decrypted? Is the reply you sent encrypted while resting in the sent directory? Are there logs, metadata, offline caches and similar leakage of data?
One should start with full-disk encryption, then add application-level encryption for defense in depth.